By Rick Ball, VPC Cyber/Continuity of Operations Branch Director
Welcome to Cyber Awareness Month for 2022! Let me ask you a couple of questions to begin. Do you or your business store any data on local computers, servers, or in the “cloud”? Do you or your business conduct financial transactions on a daily, weekly, or monthly basis? If the answer to either, or both, of these questions is yes, then you are a target for a Cyber-attack.
You might think that you are too small for a Cyber-attack, or that your business is not significant enough to warrant an attack, but that is where you would be wrong. It does not matter if you are a one- or two-person shop, an SMB, or a Fortune 500 company, regardless of market (Healthcare, Government, non-profit, NGO, a publicly traded or private company): if you either store data or conduct financial transactions, then you are a potential Cyber target.
Why, you ask? The answer is both simple and complicated at the same time. The nation-state-sponsored Cyber-attack groups (Iran, North Korea, China, Russia) want to disrupt our daily life – business and personal – and cause mayhem. Cyber-attacks are in fact a form of terrorism. If you look up the definition of terrorism, it states “intimidation or coercion by instilling fear”. So, if you alter your daily routine, be it business or personal, due to a Cyber-attack, then you have been intimidated or coerced. The complexity is often derived from how long the attack occurs, the damage done – both financially and to your reputation – and the ability to recover.
So, what can you do? The answer is not easy. Certainly, there are many excellent companies that provide both software and hardware solutions to combat a Cyber-attack. You can hire the appropriate Cyber-trained staff and/or a Chief Information Security Officer (CISO). You could outsource to a Managed Security Solutions Provider (MSSP) and/or a virtual CISO (vCISO). But one of the keys to combatting Cyber-attacks is education that is conducted on a regular basis with all levels of employees. The other key element is testing and exercising after training has been conducted to ensure that knowledge retention has been accomplished.