Learning new things excites me.
A recent trip to Detroit proved it again as our MEP National Network team worked to make sense of cybersecurity for Small- and Medium-sized Manufacturers (SMMs) across the country. It’s a fascinating quest because the subject area is so broad and high and deep…plus it changes every week. The outcomes hold serious consequences for everyone involved – a major challenge for the MEP System charged to devise practical solutions. I’m a neophyte in the area, so my knowledge base expanded by a huge percentage. Exciting stuff with much more to come!
Of course, I wanted to share my excitement and new knowledge as quickly as I could, so I visited a local executive to fire him up. Cybersecurity is a critical issue that will affect everyone and becomes more serious every day. Surely, the details would fire-up my friend and he would be as excited as I was. Yet, the further I pushed, the more I thought a yawn would be a better reaction than what I got.
“Why aren’t you more excited?” I asked.
“I fail to see how this has much to do with me,” he responded. “I’m way too small to be anyone’s target and even if they attacked me, there’s nothing here that anyone would want.”
CRASH went my excitement! Everyone should be engaged, yet it wasn’t the case here. Of course, I’ve also learned that once “should” enters a sentence, nothing ever works the right way.
All this pushed me to think about why more people aren’t paying attention. Are we too busy? Not aware? Think that nothing can be done or we’re in a low-risk situation? I’m not sure.
How many of you have participated in a “White Hat Hack,” where an expert tries to breach your organization’s virtual and physical facilities? One of my friends works at a company who contracted for one of these test hacks. The company lost control of their entire operation in less than two weeks. Servers, networks, systems, bank accounts, and physical assets were all breached. Ironically, the best-protected company facility was breached through a wireless printer. Modern hacking techniques make everyone vulnerable.
I hear you saying, “I fail to see how any of this affects me. My operation is too small…has minimal value to anyone else. Besides my IT guy takes care of it for me.”
Let me give you three reasons to jump in:
- The first steps are easy;
- Your customers will demand it; and
- Proactivity may save your company.
Small steps and persistence can make a big difference.
Take the first easy steps. Forensic studies show that 80-90% of cyber events are enabled by poor software patching, compromised credentials, or employee actions. Most companies will not be victims the first day a virus is introduced, so running current software with all the updates in place prevents many attacks before they happen. Next, passwords and user names rarely prevent any but the most casual attacks. Multi-factor authentication should protect your accounts and facilities. Finally, train your employees to make them smarter about the threats to both the company and their personal accounts. These three actions close major hacking doors and will make your organization more secure.
Be ready! Your clients are taking these steps and will demand the same from you. You don’t want your organization to be the weakest link in customers’ supply chains. Markets will close to you and your reputation will be damaged. Major industry segments are taking action. If you are part of the Department of Defense (DoD) supply chain, you must comply with the NIST Cybersecurity Framework. The DoD deadline passed on December 31, 2017 and we are starting to see the first enforcement actions. We expect the automotive industry to follow the DoD lead during 2018 and other industries to take their own action. Be ready and proactive!
Proactivity could save your company. The track record for breached companies is not good, with more than 50% going out of business within a year of the event. Don’t be one of them! Put in place a way to defend, detect, and respond to any incidents and move quickly. Cyber experts agree that it’s a question of when – not if – every organization will experience an event. Build a strategy that makes it harder for hackers to dive deep or move around your system.
All this sounds serious, difficult, and dark…and it is! There’s also another side to the equation. It’s hard work to understand the threats and act effectively, but that work puts your organization on the front lines of both technology and business. We live in a world where continuous and lifelong learning is a vital part of future success. These actions put your business in a learning stance and strengthens your future prospects.
Cybersecurity affects everyone. Engage around the subject and strengthen your business and personal capabilities. Above all, have fun! Learn where the world is going and enjoy the stories and experiences of the experts. At the end of the day, you could be as excited to learn new things as I am!