Cyberattacks have become a normal part of work life in recent years for the IT community, making it very easy to become complacent with cybersecurity strategy and budgeting. On April 13, 2022 CISA, the DOE, the NSA, and the FBI released a joint Cybersecurity Advisory outlining a major threat to ISC/SCADA devices. https://www.cisa.gov/uscert/ncas/alerts/aa22-103a Although this advisory is specific to those devices and where those devices are used in critical infrastructure organizations, the overall plea for organizations to plan, prepare, and most importantly, maintain, their cybersecurity defenses rings true for all organizations and businesses around the world.
Cyberattacks are designed to bring an organization, or a country, to its knees. Whether the attack is for financial gain for the hacker(s) or to create chaos, the outcome for a business would likely be catastrophic. It may even cause the business to close. Hackers no longer seek targets exclusively to pull customer data. They will target any organization by searching for an entry (IE: security gap) into the network/systems. Hackers are able to then determine how to best disrupt that organization’s ability to function. They can render the network useless, they can hold information for ransom, they can hijack billing and payments, they can disrupt shipping of merchandise, the sky is the limit when the hackers have an organization in their grip. And compliance with the hacker (IE: payment of a ransom) does not guarantee the hacker will leave the organization alone and seek new targets.
Of course, we have all heard of network breaches of major retailers, but those are just the obvious victims. What most of us don’t hear about are the smaller, yet lucrative and successful, businesses who had to close their doors or had to scale the business down drastically to overcome a network hack. Every one of the businesses believed they were immune from hackers. They either didn’t adequately protect themselves for an attack, or worse, had no measures in place to subvert an attack. They let their guard down and paid a hefty cost.
During an interview on The Rachel Maddow Show, Nicole Perlroth, CISA Cybersecurity Advisor, said of this latest advisory, “This is aimed toward the technical community. Right? But it’s also aimed toward senior leadership at the organization.” She goes on to say, “You need to empower your Chief Information Security Officer. You need to give them the money and the tools, right now, more than ever, to log what is happening on their network, to hunt what is happening on their network, and to flag any suspicious activity…”. Again, she was speaking specifically about the April 13, 2022 Cybersecurity Advisory, but the overarching advice she’s sharing is that every organization needs to have a strong cybersecurity strategy, the ability to monitor for hacks of all types, and to properly finance IT to defend the network from outsiders.
This is a tricky proposition for any business organization. How does one plan for the unknown? How does one budget for the unknown? What is an adequate budget? How does one defend itself from a seemingly invisible enemy? This is a complex and ever-changing landscape, but business organizations have little choice than to tackle the challenge. We understand the reality that no one IT person or group of people supporting a business organization’s daily IT needs will possess the knowledge to create an all-encompassing cybersecurity defense. To believe otherwise will likely put the organization in jeopardy.
C2XCEL has access to many cybersecurity experts and will engage the best one to help your business organization meet its cybersecurity needs.
Don’t allow a preventable situation to cause the downfall of a business and quite possibly your reputation in the IT world. Contact C2XCEL today to schedule a meeting.