Don’t Build Your Cybersecurity Confidence on the Sand

-




            The Bible uses the now-famous parable of the house that was built on the sand. When the rains came and the storms hit, the house fell because it did not have a firm foundation. Unfortunately, the cyber departments of many organizations are running the same way. They have survived the last couple of years without a major incident and so they believe they are secure.

A recent article released by Help Net Security revealed that Chief Information Security Officers (CISOs) are becoming increasingly confident that their organizations will not suffer from costly cyber attacks. In fact, the number of CISOs who believe they are likely to suffer an attack in the next twelve months has dropped by almost 16%! Yet, the problem with this stat is, as the article notes, very few of these CISOs have made any significant improvements to their security environments to reduce these attacks. Instead, the increased confidence in the resiliency of their departments stems from the idea that they didn’t suffer a costly attack last year. Such confidence makes little sense.

If police inform you that there is a crime spree in your neighborhood, do you ignore them because you didn’t get robbed last year or would you take extra care to make sure your house is protected? If your doctor says that you are at risk of a heart attack, do you ignore him because you didn’t suffer a life-threatening heart attack last year or would you get a second opinion and take steps to protect yourself? Most people would consider ignoring such warnings to be foolhardy. Yet, this is exactly what many CISOs are saying about cyber attacks.

The truth is that cyber experts across the world are raising the alarm that attacks are coming. Statistics support these claims. Cybercrime statistics from April 2022 show that the number of organizations suffering cyber-attacks has increased by 600%. Meanwhile, the cost of such cyber-attacks has increased by more than 15% each year. Nor are these attacks aimed at large corporations, governments, and big businesses.

In fact, almost half of all cyber-attacks are aimed at small businesses. Unfortunately, most of these small businesses are easy targets for even the most unskilled attackers. Reports show that less than 30% of small businesses take even the most basic steps to defend themselves against financial loss from cyber attacks. Such a statistic is unsurprising when reports show that less than 5% of small business owners consider cybersecurity to be a high concern for their business. Such ambivalence to a big threat is shocking when one realizes that 43% of all cyber-attacks are aimed at small businesses and that more than half of all small and medium-sized enterprises (SMEs) go out of business after a single cyber-attack.

If you are a small or medium-sized business owner or CISO, don’t let yourself be fooled by overconfidence. Attackers are coming for your business and your employees. Take steps now to defend yourself and your company. Many quality defenses and tools can be deployed cheaply and efficiently. Reach out to a security specialist today to find out how to avoid becoming the next cyber victim without breaking the budget.

  

Comments

Post a Comment

Popular posts from this blog

What Would I Do?

-
      My doctoral class is requiring me to post my assignments to this blog. I delete most of them after the grade is posted so that my blog will not be filled with these distractions from its purpose. However, I expect that I will leave this one up because I feel it is interesting.      The assignment for this week was "If you had unlimited time, money and talent, list 10 things you would do in each of these categories: Education, Job or Research, Philosophical/Religious, Travel and Home. Then, write a short post about what these articles reflect about you. Be sure to include at least 1 scholarly/peer-reviewed resource.".        Here is what I turned in. I'd be curious to get thoughts on it.  Education: 1)     Chess Lessons from a World Champion 2)     Attend Astronaut School 3)     Learn to Fly a Plane 4)     Learn Sky Diving, Deep Sea Diving, Mountain Climbing and S...
Read more

Remember the Mobile Devices

-
           There is probably no topic of contention that I encounter more as an IT security consultant and auditor than mobile device security. People and organizations just don’t want to secure themselves against mobile devices. The excuses are numerous: ·         Regulating employee mobile devices will lower morale. ·         Employees will think we are spying on them. ·         Other organizations allow their employees to use mobile devices freely. ·         No one worries about mobile device security anymore. I have even heard many of these statements from other information security professionals, including the last statement. DON’T BE FOOLED! Mobile devices are a serious risk to your organization. I have appeared on the news three times in the last few years to speak about attacks and threats targetin...
Read more