As per this recent article over on Chief Executive that asks [if] your company is vulnerable to cyber-sabotage, if your company gets hacked, like Sony had its PlayStation Game Network hacked, then you too could be looking at about $1 Billion in tangible damages and an incalculable toll in lost customer goodwill, tarnished brand equity and sleepless nights for the corporate brain trust. Especially if you are in the Financial, Retail, Restaurant, or Hospitality sectors.
Cyber-Sabotage is on the rise. According to IBM, more than 8,000 new cyber-sabotage “vulnerabilities” were identified last year, up 27% from 2009.
But what can you do? The article recommends that you:
- Become the Security Champion
And put cyber-security at the top of corporate priority lists. - Beware of “Social-Engineering”
Make upper managers aware of their own vulnerabilities to attacks that exploit the behaviour of strategically positioned individuals rather than involve a broad cyber-sabotage campaign. - Draw the Difficult Lines
And set up an early warning system since it’s impossible to prevent every possible attack. - Dig to the Roots
Be aware that unhappy contractors, customers or partners can become cyber-accomplices, and even cyber-criminals, if they are financially desperate enough. - Survey the Changing “Threat Landscape”
The rapidly rising number of smart-phone “apps” is providing cyber-criminals with opportunities to exploit mobile-data networks. - Know the Four Common Categories of Cyber-Saboteurs
- Foreign Government Intelligence Services
- Transnational Criminal Enterprises
- Corrupt Competitors
- Corporate Insiders
It’s not bad advice, but it doesn’t really help. It’s great to fly a flag, but that’s not enough. And even if a manager knows he is vulnerable to social engineering, that doesn’t tell him how to tell when an individual might be trying to socially engineer information out of him. And just what should an early warning system look like? And how do you identify what individuals inside your four walls might turn on you? And how does knowing what types of cyber-saboteurs are out there help you stop them from penetrating your networks?
You need to know A LOT more than you do. And you’re not going to figure it out on your own. So you pretty much have two choices.
- Outsource to a “Cloud” Company that are masters of SaaS and Security or
- Hire a Security Consultancy with the Expertise to Not Only do a Security Analysis but to Train you on what needs to be done to Minimize Risk from a Technical and Social Perspective.
That, in a nutshell, is what you need to know, because unless IT Security is your business, you won’t master it.