Every week there are more hacking incidences.
There is a serious problem – a significant number of people and companies are not doing what is necessary to prevent Cyberattacks. This is also a moral weakness, and is a function of misunderstanding Cybersecurity and human nature.
The problem we have is that everyone needs to be better at cybersecurity. So it is a colossal misunderstanding of the nature of Cybersecurity. This is compounded by Hollywood’s portrayal of hackers and hacking events.
Kevin Mitnick was an early hacker (before 2000) and got caught – convicted, now he is a consultant.
Hollywood makes hacking mysterious and easy for certain people, but this is a fantasy world. And of course there is no explanation as to how one can defend against hackers.
In my mind (as an ethical hacker and computer professional of 20 years) this state of Cybersecurity affairs will not get better until a paradigm shift.
It would be nice if everyone understood at least the basics, as I have many posts on this topic.
Let’s try and push the companies to do the right thing.
Why are Companies not protecting their computers the way they should? Misunderstanding and psychology, but what can we do to change their minds?
(from an old post an infograph by Small Business trends)
As a small company if you do not do what it takes, then you may go out of business if you literally lose your data tomorrow. The reason for this is that backups are not what they seem.
Apparently the knowledge of potential failure in the future(due to bad decisions) is not enough for 22% or more ( in some surveys) of companies. This is a huge number and will keep the criminal hackers fed forever. So how can we change that?
All Cyber-consumers should demand Cybersecurity done right from all companies we do business with. And since it is 2017(almost 2018) and we depend on computers and what the convenience does for us, we should all be interested in making sure only what we want to get done gets done.
So we have to ‘help’ the companies which we depend on to keep operating – like restaurants, banks, hotels, and many other seemingly innocent companies (let’s not discuss government and Equifax), as we are talking about all small businesses, the accountants, the lawyers, the plumbers, HVAC, everyone large and small. All except the public companies, as they _have_ to have somebody taking care of business. It is only the companies that do not “have” to do that don’t in sufficient numbers
What if you could “know” that at least a minimum of processes were done to at least prevent a catastrophe if something does happen? What is that worth to you?
Would you do business with someone if at any moment they can have a catastrophic event and then go out of business?
Sure it should be where we do not have to think about this Cybersecurity thing and thus it “Ought” not to cost anything, but it we do not live in fantasyland like Hollywood. Do you know why it costs? Because ransomware has changed the game. It used to be when hackers were just annoying, like spam. But now criminal hackers are making serious money and thus they will continue to do it until we stop them cold. As I have mentioned in the past this is an uphill struggle though since human nature is to ignore the problem and this has been proven in the fact that 25% of people do not patch their computers.
So let’s repeat: If one does not patch your computer, your computer(or device) becomes vulnerable to malicious software, then it has a higher and higher chance of getting hacked every month it does not get patched.
So eventually it is a beacon for bad software to come in, and very soon (like a year or 2) ransomware will test your cybersecurity defenses. This problem will get worse until we can peer pressure everyone into getting Cybersecurity audits from CISA certified professionals. Like us.
Contact us to help you get up to snuff, or to get a neighbor company up to snuff.
We are going to have an Oversitesentry seal of approval so that everyone that is doing the basics can at least sleep a bit better about their future.