Thursday, April 30, 2020

The Hard Truth

photo credits: Dreamstime

The Hard Truth..

Whenever there is a crisis, the vultures and jackals will circle (and I mean no disservice to those vultures and jackals of reputable nature)..  In the days and weeks of the COVID-19 pandemic, the ne’er-do-wells have stepped up their game, and cyber-attacks on businesses and individuals have escalated.  While this speaks to the baser side of human nature, that side that would maliciously take from others for personal gain, this post is not directly about that..

What this IS about is what we can do about it.

Sadly, many of us have the tendency to bury our heads in the sand and tell ourselves that “it will NEVER happen to me”.

Well, friends..  yes, in fact, it IS going to happen to you.  Maybe not today, perhaps not tomorrow.. but at some point, you will find yourselves in the cross-hairs of the enemy, and he ain’t flinching when he pulls that trigger.  Whether or not you are the recipient of a cyber head-shot is entirely up to you.

In this day and age of heightened cyber-threats, the smart money is on ensuring that you have covered every base when it comes to securing your digital house from the jackals at the door.  As a US military veteran from the Cold War era, I could regale you with stories of the days of foreign agents in trench coats trying to turn people to the dark side.. and while some of the foundations are the same, the tools are far more sophisticated than getting a sailor drunk and offering fat wads of cash for information.

The concepts are not new, but the tools have evolved. Understanding the mechanics of the threat is vital to protecting our assets.  Too many examples exist of a “lock up after the bad guy has been and gone” mentality. One stunning example is the Equifax breach, but that is just one of many examples where the bad actor has been well entrenched. It’s time to have the hard conversation with ourselves about how much risk is too much?

Rather than spout a collection of buzz-words and fall victim to trendy posturing, we need to roll up our sleeves and get down to business. That means a deep assessment of where we are, and of how we prepare ourselves for those who would do us harm. For starters, we need to ask ourselves several direct questions:
  • Are we ready to take security seriously?
  • Do we have the right policies in place to educate, guide and hold our workforce accountable?
  • What are our strengths, weaknesses, opportunities, and threats?
  • Do we have the right people in place, both internally and externally, to make a move to a more secure footing?
  • Do we understand the potential cost of doing nothing?
  • Are the experts we are paying for doing the job? 

For many, especially in the SMB space, the answers to these questions can be an eye-opening experience. No one is too small to be noticed.  No industry escapes the scrutiny of those of malicious intent. The key to a successful security policy is to understand that it is going to change. It has to be able to evolve along with the threats that are present - this means it has to be regularly re-evaluated.  There is no such thing as a one-size-fits-all policy.  Even the NIST Security Framework has components that may or may not apply to your organization.

Like in any 12-step program, the first step is accepting that you have a problem.  We ALL have a problem. Do we have the willingness to address it?  The important thing to understand is that you don't have to go it alone.

If you are ready to have that conversation, we are ready to help. With over 30 years in the information security arena, NetWerks is ready to guide you to a much more secure place.  Reach out to us through our web site to set up a no-cost, no-obligation meeting to get an idea where you are at.
