One of my biggest frustrations in this role over the past seven years has been the failure of most manufacturers to engage around critical issues to improve their businesses. Now it’s happening again, this time around an issue that will prove fatal to many organizations.
Cyber-threats are not going away. In fact, they’re accelerating as perpetrators become more numerous and sophisticated. As an outsider, it’s fascinating to see a whole industry develop around cyber-crime, complete with starter kits, help desks, and industry best practices. Much of the activity still surrounds mischievous or carefully targeted attacks aimed at prime targets. These require time, effort, care, and a bit of art – much like building a custom car.
Of course, Henry Ford transformed the auto industry by introducing mass production, and the cyber-crime industry is going through a similar evolution. Phishing scams, viruses, and ransomware are all going mass-market in their quest to generate cash. Minimal effort, broad reach, and modest rewards all lead to high returns on the work. This new approach makes little distinction between targets. These hackers have very few specific targets, just lists. If you’re on the list, you will be hacked.
Exposure to these events threatens your survival. Breached companies disappear within a year 60 percent of the time. Even the survivors struggle through messy cleanups. Then there’s the reputation damage that can last for a long, long time.
The issue hit home at my Board Meeting last month. Two of my Directors experienced breaches and a third started work towards compliance with the NIST Cybersecurity Framework. These events launched a spirited discussion around the issues and illustrated the choice most companies face: go through a prolonged remediation or work diligently through a preventative process. Yet most companies will choose a third action: do nothing and hope!
Still, all is not lost! Taking effective action is straightforward and easy to understand.
Start with small steps. Three actions can make your organization much safer:
1. Run current software and install all updates immediately. Your likelihood of being a first-day victim of a new attack is relatively low, and software updates address known threats quickly and effectively.
2. Use multi-factor authentication whenever possible. User names and passwords provide only minimal protection – especially if you are one of the 41 percent of Americans who use fewer than five passwords to cover all their applications.
3. Teach your employees to be smart – both at work and at home! Many breaches result from employees clicking a link, opening a contaminated file, or responding to a decoy email. Even experts fall for phishing, so do your best to help all your people handle the danger.
These three steps minimize your exposure and lay the foundation for more sophisticated and targeted defenses.
The time to act is now! The cyber-threat is growing and becoming more ubiquitous. The first steps are straightforward and relatively easy. These actions make it possible to engage more safely in this increasingly connected world.