“There are only two types of companies in America: those that have been hacked and those that will be hacked.” -- Former FBI Director Robert Mueller
Risk management has always been a tough, complex job. Any organization, no matter how tightly managed, can be compromised in many ways. Reputational issues can create a lack of faith that affects revenue for any business. Geopolitical issues such as tariffs, or compliance with government regulations like the Health Insurance Portability and Accountability Act (HIPAA) or Sarbanes-Oxley (SOX), can cause numerous interruptions to business and negatively impact the bottom line.
But I think the greatest risk businesses are facing today is the risk of cybercrime attacks, because these criminals can attack us through so many sources, for so many reasons, and be so devastating. Just ask Atlanta and Baltimore, or check out the list of health care providers that have been breached (list available here: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf).
Any organization that connects to the internet in any way is at risk. Regardless of industry or government, number of employees, or annual revenue, when a breach happens it is often devastating.
Cybercriminals attack in many ways:
1) Ransomware: Blocks access to your network until a “ransom” is paid
2) Distributed Denial of Service: Attacks your computer system by flooding it with information sent from many individual computers
3) Data Theft: Illegally obtains private and sensitive information, including passwords and financial information
4) Unlawful use of your equipment: Uses your computer network illegally or for illegal means
5) Attack on your reputation: Actively and deliberately uses information to cause damage to a person or organization’s reputation
6) Selling Data: The initial hacker brings other hackers into your domain, selling credentials as well as ALL of your data
This is not an exhaustive list. These and other threats to cybersecurity mean that companies should consider:
- How to safely use websites for marketing, when websites are portals that may also provide cybercriminals and social engineers with more tools. Many spear-phishing scams are constructed using only website information. In the age of information, all information is useful to the right person. The cybercriminal who is networked knows who to sell what to.
- How much of the budget can be reserved for cybersecurity products and services plus employee training for a potential breach.
- How to put a plan in place for damage control in the event of a cybersecurity breach.
Cybercrime is a trillion-dollar industry. As it grows, so does the need for cybersecurity. Cybercriminals are always working to steal information, so it’s important for risk managers to learn to keep it safe. As a consultant in cybersecurity, I provide audits and risk assessments so that organizations can stay aware and ahead of the risks.