What amount of time should be spent on preventing future Cybersecurity events?
During this Beer Bug crisis we have learned that Information Technology is an “Essential” business. (Part of CISA classification “Critical Infrastructure Workers)
Notice it is only “Information Technology”(or IT) not Cybersecurity.
Even though it would be good if your IT kept you safe from attackers which means you are keeping control of your devices instead of giving control to hackers. How important is this function?
The more you need your devices (i.e. can’t run my business without computers) now it is necessary for you to _ensure_ that your systems will stay operational. This means you will have to double check that IT does what they are supposed to do.
It is that important – to keep the lights on and work on the continued viability of the company or entity. Provide a way to doublecheck your IT department without them being afraid to look over their shoulders. You need an independent contractor that will not do any other work and will only audit or doublecheck the IT department.
In a larger company there is a Security IT department (i.e. people exclusively performing security tasks)
Will there be any time that you do not need security in IT?
Do you have this budget to spend:
Cybercriminals earned $600 Billion in 2018
66% of businesses confident they could recover, but 75% do not have a formal plan.
White hat hacker earned $19mil in bounties in 2018
These stats come from a variety of sources.
There are many hacker ‘statistics’ on the internet.
I put this together a long time ago, it is still apt today. The hacker will make a lot of money with low investment, especially with the sub specialization in the hacker community (the spammer does not need to learn how to do ransomware). So this underground economy has a large amount of incentive to keep attacking us.
We have to start to get our act in gear to defend better and more efficiently.
We have discussed the underground capabilities in the past:
Oversitesentry.com/darknet (2015 post)
Psychology of Security part 2 (2019 post)
Contact us to discuss