Don’t Build Your Cybersecurity Confidence on the Sand

-




            The Bible uses the now-famous parable of the house that was built on the sand. When the rains came and the storms hit, the house fell because it did not have a firm foundation. Unfortunately, the cyber departments of many organizations are running the same way. They have survived the last couple of years without a major incident and so they believe they are secure.

A recent article released by Help Net Security revealed that Chief Information Security Officers (CISOs) are becoming increasingly confident that their organizations will not suffer from costly cyber attacks. In fact, the number of CISOs who believe they are likely to suffer an attack in the next twelve months has dropped by almost 16%! Yet, the problem with this stat is, as the article notes, very few of these CISOs have made any significant improvements to their security environments to reduce these attacks. Instead, the increased confidence in the resiliency of their departments stems from the idea that they didn’t suffer a costly attack last year. Such confidence makes little sense.

If police inform you that there is a crime spree in your neighborhood, do you ignore them because you didn’t get robbed last year or would you take extra care to make sure your house is protected? If your doctor says that you are at risk of a heart attack, do you ignore him because you didn’t suffer a life-threatening heart attack last year or would you get a second opinion and take steps to protect yourself? Most people would consider ignoring such warnings to be foolhardy. Yet, this is exactly what many CISOs are saying about cyber attacks.

The truth is that cyber experts across the world are raising the alarm that attacks are coming. Statistics support these claims. Cybercrime statistics from April 2022 show that the number of organizations suffering cyber-attacks has increased by 600%. Meanwhile, the cost of such cyber-attacks has increased by more than 15% each year. Nor are these attacks aimed at large corporations, governments, and big businesses.

In fact, almost half of all cyber-attacks are aimed at small businesses. Unfortunately, most of these small businesses are easy targets for even the most unskilled attackers. Reports show that less than 30% of small businesses take even the most basic steps to defend themselves against financial loss from cyber attacks. Such a statistic is unsurprising when reports show that less than 5% of small business owners consider cybersecurity to be a high concern for their business. Such ambivalence to a big threat is shocking when one realizes that 43% of all cyber-attacks are aimed at small businesses and that more than half of all small and medium-sized enterprises (SMEs) go out of business after a single cyber-attack.

If you are a small or medium-sized business owner or CISO, don’t let yourself be fooled by overconfidence. Attackers are coming for your business and your employees. Take steps now to defend yourself and your company. Many quality defenses and tools can be deployed cheaply and efficiently. Reach out to a security specialist today to find out how to avoid becoming the next cyber victim without breaking the budget.

  

Comments

Post a Comment

Popular posts from this blog

It's Not Always What's On The Inside That Counts

-
Image
  While serving as the head of an Information Security department, I once had a Chief Technology Officer (CTO) tell me, "The organization doesn't need security controls as long as they have security awareness training." The statement will seem naïve and even laughable to many security professionals. However, his words reflect a growing misconception shared by technology leaders in a time where everyone is worried about employees clicking on ransomware, visiting infected websites, or compromising a network over the VPN. Even my own Doctoral Dissertation is about the need for mandatory cybersecurity awareness training courses in middle schools. Yet, a look at the news reminds us that securing employees inside a company is not enough to secure the company. One of the most concerning stories hitting the news this month is how ransomware groups are turning their focus toward firmware attacks. Leaked chats from the Conti ransomware group reveal that the organization is acti
Read more

Remember the Mobile Devices

-
           There is probably no topic of contention that I encounter more as an IT security consultant and auditor than mobile device security. People and organizations just don’t want to secure themselves against mobile devices. The excuses are numerous: ·         Regulating employee mobile devices will lower morale. ·         Employees will think we are spying on them. ·         Other organizations allow their employees to use mobile devices freely. ·         No one worries about mobile device security anymore. I have even heard many of these statements from other information security professionals, including the last statement. DON’T BE FOOLED! Mobile devices are a serious risk to your organization. I have appeared on the news three times in the last few years to speak about attacks and threats targeting mobile devices. Two of those times were specifically about attacks targeting iPhones and Apple devices. Perhaps, for this reason, I was particularly alarmed by a recen
Read more