With the expected $660 billion loss to cybercrime this year, we definitely have to change our understanding, our focus and most importantly our attitude when it comes to business security and cybersecurity.
We have to stop with the simplistic crap – I have been guilty of this myself but we have to stop.
Cybersecurity is not only about AV, firewall and patching.
Doing one is good, but the attitude that doing all of them makes you bulletproof is definitely stupid thinking in today’s business world. The number of SMEs that adhere to that thinking is phenomenal.
Cybersecurity is about knowing your data, the location of your data and more importantly protecting it from people who should not have access to it.
It is about risk management and understanding that all risks associated with your data have been mitigated, deferred or migrated.
There is a whole ecosystem of things that have to be done, as fast as possible, to reduce the risk of a cyber event, but the simplistic keeps getting in the way.
Attitudes like “too small”, “nothing to steal” and “she’ll be right” abound, and they really do show that most people have a basic disdain for protecting their organisations.
Until this attitude changes, the basics are the only things that will be applied.
Introduction of the NIST framework (any framework), implementation of SOC and SIEM environments, an acceptance of and adherence to policies, processes and procedures, and a basic understanding of what the bad guys are capable of are absolutely paramount for any organisation going forward.
But we still rely on only the basics.
Without a change we will still go through the same solutions expecting a different outcome. Definitely stupid thinking.
We forget the capabilities of today’s cyber criminal.
- They are well educated in ones and zeros, in other words – the digital world.
- They know how to bend and break the rules that society relies on to be a society.
- They know how to bend technology to do things that even the designers never thought of.
- They have a vast range of motivations to do wrong, and
- They do not give a stuff about you. To them you, your family, your business are cannon fodder.
To change, you need help in changing.
Changing the attitude, getting and listening to advice but more importantly actioning what needs to be done is the only way forward.
There is still one fundamental issue: in most cases, you do not know what you do not know.
Getting advice from experts is important.
You can no longer rely on the jack of all trades, someone who knows computers or thinks they know the digital world.
You need an expert!
You need an expert to stop a cyber event from compromising your organisation.
You have to find the time, the expertise and the financial motivation to make change, but you need an expert to put you on the right path.
If you cannot find it internally then you have to go outside your organisation.
Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.
He is the winner of the worldwide 2018 Cybersecurity Educator of the Year award and was runner-up in 2017.
He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercrime, Cybersecurity and the hacking techniques used by the digital criminal.
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one on Amazon.
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI. He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.