The recent Colonial Pipeline attack set off gasoline panic-buying on America’s East Coast and reportedly cost the company $90 million in ransom. An adversarial nation’s Sunburst hack penetrated major U.S. corporations and key government agencies with repercussions yet unknown. Looking at these and other incidents, friends and customers have asked me, “What’s the use? Why bother? If these powerful organizations can be held for ransom or lose key data, what chance does my organization have to defend itself?”
I understand the feelings of helplessness behind the question. It can sometimes seem that cybersecurity experts are preaching fire safety while all around us the house is burning down.
The lesson of the Colonial Pipeline, Sunburst, and other cyberattacks isn’t for companies to lose hope. It’s to realize that every business, no matter how modest, is sitting on highly inflammable assets and must invest in the best fire protection available.
By “invest,” I don’t mean “spend more money.” I mean work to understand the true nature of cyber attackers, cyber defense strategies, and the extent of business-critical data every organization has at risk.
The story of cybersecurity is overwhelmingly not one of superheroes battling supervillains. The headline-grabbing hacks and ransomware attacks are merely the visible top layer of a grueling, relentless cyberwar that pits companies and government agencies trying to protect their network and data infrastructures against criminal and political keyboard invaders trying to penetrate them.
It’s rarely secret cyberattack weapons versus secret cybersecurity defenses. The vast majority of cyberattacks that succeed take advantage of known vulnerabilities that the victim could have defended against but didn’t. Many times, it comes down to organizations simply failing to patch vulnerable software for which patches are readily available.
The bad cyberguys aren’t mysterious apparitions. They appear on “WANTED” posters everywhere. Their faces are familiar. The U.S. National Security Agency (NSA) has emphasized the extreme rarity of zero-day hacks, meaning most breaches are not the result…