Cybersecurity in the news:
Wannacry ransomware is hitting the news cycle with many high profile organizations having to admit they got hit with ransomware, which means they did not patch their machines for one reason or another.
This focus on Cybersecurity is only short term, as the headlines change in the coming days there will be less focus again.
Even in the darkest moments there is always a way back from the depths of despair even if all your data is destroyed with no backup. (Time to dust off paper processes).
Recently Cisco came out with their latest Annual report for 2017.
If you look at the potential threats assaulting defense personnel it is fairly even with mobile, cloud data, cloud infrastructure, and user issues all high threats.
The interesting chart for me is the consistent thoughts that _we_ do not have a problem.
And the reason? Cybersecurity as a high priority is still only as high as 63%, even as low as 55%. This may be better than last year, but we have a long way to go.
Cisco’s 2017 report discusses malware mostly, attacker behavior, the fact that spam includes most of the malware that attacks us.
It might be useful to review the working theories of attackers using spam. If a spammer uses a service to send out a million emails for $20-$40 then all he needs s to 1 response for ransomware at $300 to get a 700% return. And if there is a bit of luck with 2-6 responses, then $40 spam email cost plus whatever it cost to make or buy the payload and infrastructure (if any). with 5 ransomware ‘hits’ and $1500 the cost being $200 is still a 700% return.
Needless to say we will not have a reduction of ‘spam with malware’, if anything we will get an increase of ‘spam with malware’. Since everyone wants to make more money next year.
The problem with cybersecurity is that it will not affect people 100% of the time. It is not a certainty and thus a sense of false bravado exists. But we will be affected as we are all connected. What happens is the weak link, or the weakest machine gets hacked. And then if there is more money to be made there will be further issues and further hacks.
As in the next image – the lowest hanging fruit will get hacked and now it is easier to hack the high profile systems.
As in my previous post the youtube video by Saumil explains that we need to develop new methods of defense that will definitively defend our systems, not just a “high likelihood” or “low likelihood” of risk.
Setting Cybersecurity as a high priority also means you need to set good policies and resources. Even though you do not want to think about it, it will have a tendency to come and bite you. Better to be prepared and stave off the next ransomware Armageddon.
Contact Us to discuss this.