Why Businesses Need to Create a Risk Profile to Prevent Cyberattacks
Think about the last time you were afraid of something. Did you approach the situation rationally? If so, you’re in the minority. Most people are terrible at being rational when afraid. And where cybersecurity is concerned, that’s exactly what criminals are counting on.
In 2018, the Data Science Institute at Columbia found that surgeons under stress tend to make up to 66 percent more mistakes in the operating room. You’re probably wondering what, if anything, this has to do with cybersecurity. A great deal, actually.
It’s proof positive that even medical professionals are prone to error when under extreme stress. The cybersecurity industry is no different.
There’s no shortage of sensationalism around the cybercrime industry. You can’t even turn on the news without hearing about some new and terrible threat facing the digital world. To hear the media tell it, cybersecurity is an industry in a perpetual state of crisis.
A looming talent shortage and overworked employees. Irreducibly complex and sophisticated cyberattacks led by state-sponsored black hats. Unstoppable botnets that can bring the entire Internet to its knees. Powerful tools like ransomware-as-a-service that allow even the least tech-savvy of individuals to execute advanced attacks.
These are all things that are happening, true. And they’re extremely intimidating to think about. If a well-funded black hat organization were to set its sights on your business, there would be little you could do.
The thing is, devastating cyber-incidents like the ones we see so frequently online? They are not the norm. They’re just what makes headlines.
In actuality, the vast majority of cyberattacks and data leaks are neither complicated nor targeted. They are shotgun cyberattacks that effectively throw malicious software and attack vectors at the wall to see what sticks. If you don’t want to take my word for it, have a look at the stats below.
- According to Kaspersky Lab, 70 percent of cyberattacks now target Microsoft Office vulnerabilities, none of which are particularly complicated to exploit.
- Per cybersecurity agency Automox, 60 percent of all data breaches are tied to unpatched vulnerabilities for which there is an existing update.
- According to security researchers at Recorded Future, of the top 10 most exploited vulnerabilities on the web, only three are from 2018. Four were disclosed in 2017, another in 2015, and one more in 2012. Patches exist for all of these vulnerabilities.
What I’m trying to say is that too often, corporate cybersecurity veers to one of two extremes. Either we get sloppy because we think it can’t possibly happen to us, or we become paranoid, terrified at the dangers that exist on the web. Neither is the correct path.
Instead, businesses need to create and analyze their risk profile. They must endeavor to understand their unique organizational workflows, data requirements, and security threats. And perhaps more importantly, they must take a proactive role in both enabling employees and protecting corporate assets.
This is not something that can be done from a place of fear, stress, or paranoia. It needs to be careful, measured, and well planned. It needs to be an organization-wide, multi-departmental approach as well. That way, you don’t have a single group of people shouldering the burden for absolutely everyone.
About the Author:
Tim Mullahy is the Executive Vice President and Managing Director at Liberty Center One, a new breed of data center located in Royal Oak, MI. Tim has a demonstrated history of working in the information technology and services industry.