Cybersecurity Isn’t Just for Big Tech

Cybersecurity is all the talk today, but it’s important to remember that it’s not just for Big Tech. Cybersecurity is vital to the survival of all businesses.

October was Cybersecurity Awareness Month and the tech world was bursting with news. That is not because of the month, but because new vulnerabilities and new exploits, combined with both new and old tactics, keep cybersecurity in the news. Both consumers and business leaders are taking notice, with everyone taking steps to ensure their information is safe. Still, there are businesses out there without a cybersecurity plan and without cybersecurity defenses protecting the information they house. According to a new article from Law.com, neglecting cybersecurity isn’t just risky, it’s reckless.

We’ve often discussed that threat actors do not care about business size or location. Information, data, is their form of currency and they don’t care where it comes from. The sheer amount of data available for threat actors to home in on increases daily, and they want every piece they can get. As such, hackers have honed their skills, upskilled and increased their knowledge of business cybersecurity practices to bolster their efforts.

This was a thing before the pandemic; it just wasn’t in the news on a regular basis like it is today. When the pandemic hit, we saw a huge surge in cybersecurity activity, some of it resulting in lockdowns by ransomware or theft of data by cyber criminals. Why did we see that surge? There are a few reasons, but two big ones stand out. First, prior to the pandemic, cybersecurity simply wasn’t a focus for businesses, so any security actually implemented often looked like Swiss cheese. Second, when we shifted to remote work, business cyber infrastructure expanded exponentially. Since cybersecurity wasn’t a big focus, the holes that were there only grew.

From Law.com: “Brian Hengesbaugh, chair of the global data privacy and security business unit at Baker McKenzie, called all of this a ‘perfect storm’ rising on the corporate cybersecurity landscape. Between businesses, such as law firms, and their vendors, ‘It’s going to get more into litigation and dispute over who is responsible for what.’”

As this is from a publication dealing with law, it raises an excellent legal point: when it comes to cybersecurity, who is ultimately responsible for the data that becomes exposed? The article cites the Accellion FTP breach as a flag that businesses have more to worry about than their own security, including the cybersecurity practices of their vendors and business partners. That is why, in the past, we have advocated for vetting the cybersecurity practices of potential vendors and business partners before signing any contracts.

There are many tactics used by cyber criminals today. Spoofing, phishing and ransomware are just a few that we hear about the most, but there are a multitude of ways a threat actor can gain access to a business’s systems. Known vulnerabilities are consistently a problem, which is why regular patching and upgrades and consistent modernization cycles are so important. These are ways businesses can ensure that known vulnerabilities are patched appropriately and in a timely fashion.

Cyber activity is on the minds of business leaders and owners across the globe. Sure, you can go out and buy all the best technology on the market. But it won’t be long before it’s not the best anymore and you have to do it again. That is why the role of a CISO is important. Whether it’s a dedicated team or person who works on-site, or an MSP you outsource to, having a dedicated expert overseeing your cybersecurity is vital. Even so, it’s just as important to have a third-party review to ensure that nothing is missed.

“Just because a company doesn’t have a CISO doesn’t mean they are not Fort Knox with security—however, it’s more likely they are not,” Christopher Ballod, an associate managing director in the cyber risk practice at Kroll, told Law.com.

Not having solid cybersecurity in place is definitely risky, and, from your attorney’s perspective, it’s even reckless. Yes, there is cyber insurance, which is rapidly evolving with the onslaught of threats, but that will never be enough to save your business in the event of a breach. And, with shoddy cybersecurity in place, you will suffer a breach sooner rather than later. Now is the time to have a security review by a third party. Cyber attacks aren’t going anywhere for a long time. Don’t be the next victim.

About the Author

PWV Consultants is a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as a trusted technical partner for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. It was founded by 20-year software engineering veterans who have founded or co-founded several companies. PWV experts act as trusted advisors and mentors to numerous early-stage startups, and have held the titles of software and software security executive, consultant and professor. PWV's expert consulting and advisory work spans several high-impact industries in finance, media, medical tech, and defense contracting. PWV's founding experts also authored the highly influential precursor HAZL (jADE) programming language.
