When Will You Be Willing to Talk About CyberSecurity?

Every morning I wake up and look at the news for the latest cyber attack and find myself shaking my head as large companies and governmental agencies find themselves attacked and their data breached. Just this morning, a new Hacktivist group dubbed “Distributed Denial of Secrets” (DDoSecrets) posted 296 GB of data taken from Police and Fusion Centers. The leak is blamed on a web hosting service in my hometown of Houston and I once again have to shake my head and wonder how these things happen. (See Story Here) I mean, I know HOW they happen, as I have been trained in ethical hacking and cyber investigations, but the question is how do we let them continue to happen? When will we as a country and when will companies here start to take cyber security seriously? I guess this kind of paralysis shouldn't surprise me – John Bolton stated in his recent book that Cyber Security Policy was hung up in inter-agency bickering, so we continue to leave our doors open. (See Story Here) So it seems any sort of governmental policy will be slow to be issued. So what about the private sector? Surely they want to protect themselves from Cyber Attacks.

Then I read a report that cuts to the heart of the issue. Today, the WSJ published an article called “The Industries Most Vulnerable to Cyberattacks – and Why.” Let me share some of the statistics from this report, which surveyed nearly 400 companies. 80% of the companies felt Ransomware was a high risk to their companies but less than 70% felt they were prepared to deal with it. Less than 63% of companies with less than $50 million of revenue have a Cybersecurity Program and 15% of them had no plans to start one. How is that justified when 70% of Ransomware attacks are targeting these same businesses? So maybe they are relying on cyber insurance, but that isn't the case either – 39% of small businesses have no plans to buy cyber security insurance in the next 12 months. This should be alarming to any concerned citizen – our data is being stored by these companies and they are doing very little to protect us. And sadly the problems are not limited to small businesses; many large businesses have also been breached, some of them multiple times.

So my opening question stands – What Will it Take for You (and your company) to take Cyber Security Seriously? It is not a lack of technology – there are hundreds of companies wanting to help you secure your network. Is it budget? Is not the security of your company and its data crucial to corporate success? Is it lack of knowledge? Then let me or any of my other ex-FBI Cyber-Security friends sit down and talk to you and your board. I promise not to sell you any products but I ask for a promise in return – do something. Anything. We have to stop sitting on our hands and hoping we don’t get hit by cyber attackers. Seriously – Any Step taken towards a more secure environment is a positive step for you and your enterprise.