Recently we discussed technological damnation 78: e-Privacy, where we hinted at the difficulty of maintaining privacy in an era where keeping the data encrypted and secure is getting harder by the millisecond. We followed that with a discussion of technological damnation 92: data loss that noted that intrusions are hard to trace and like privacy, loss prevention requires secure, encrypted, digital vaults that, with advances in computer technology, often get less secure by the millisecond, starting the millisecond they are implemented.
But the damnation of cybersecurity goes well beyond (e-)privacy, which consumers are very concerned about and data loss, which your C-suite is concerned about, to fraud, sabotage, and fear.
A cyberattack might be perpetuated to steal customers’ data, especially if it has value (because it contains credit card numbers, health records that snake oil charlatans can use to target desperate people, or incriminating information or photos); to steal proprietary data (that a competitor would pay a pretty penny for); or to covertly steal company funds by inserting false supplier records into the e-Payment system (that would allow fake invoices to be automatically approved by the e-Payment or e-Procurement system) or accessing a company’s bank account through the bank integration so that the hacker can ACH the funds to another account controlled by the hacker that will allow the hacker to electronically wire all of the available funds to a bank account in a country where the funds cannot be recovered.
A cyberattack might be perpetuated to take down core systems that run production lines, as modern production lines are software controled and the right malware can physically damage equipment by causing it to overheat or operate beyond safe parameters. Damaging a multi-million production line, taking down a power grid, or contaminating multiple batches of product can shut a company down for weeks and do considerable financial damage to the company in the short term, and reputational damage to the company in the long term as it struggles to recover from an inability to meet its customers needs for a prolonged period of time and keep its operations safe.
A successful cyberattack can install fear in a company and its upstream and downstream supply chains all the way from the company that mines or produces the raw materials that are consumed by the company to the end consumer that buys the products. Sometimes that’s enough to do significant damage.
Defending against a cyberattack is nigh impossible. You don’t know when it’s coming. You don’t know where. You don’t know what zero-day vulnerability the hacker is going to try and take advantage of. You don’t know what communication lines the hacker is going to use and what machine they are going to try and route through. Can you encrypt everything? Secure every line? Patch every known security hole on every machine? And insure that not a single employee can be socially engineered to accidentally give a hacker any additional information to help the hacker in her quest? Defense is almost impossible.
As hinted at in our previous damnation posts on e-Privacy and data loss, cyberattack and cybersecurity is a damnation that is becoming more damning by the day.