The Era of Faking Security is Over

Introduction

As I sit here at 5:30 AM on a Sunday morning, having billed over 100 hours in the last two weeks in addition to my full-time job as CEO of Cyber Defense Group, I am struck by something that has become blatantly apparent to me: there’s no way to fake security in 2021.

I unofficially entered this industry as a young boy in the ‘80s, hacking away on a series of Commodore computers, and officially entered information security in the ‘90s.  It’s a poignant moment.  Essentially what we, as security professionals, have been warning about 20+ years ago is finally happening: you can’t wander around the digital equivalent of a bad neighborhood with your wallet pasted to your chest and a neon sign saying “STEAL ME.”  This analogy is what most companies today are doing, and the “wallet” is typically sensitive data, sometimes the MOST sensitive data.

When I write a blog post I typically end it with some solution…because we all hate problems without solutions. The answer here is simple: commit to a proper cybersecurity program.  All companies today are tech companies. Regardless of industry or specialization, all businesses are now wrapped up in the digital world. With daily operations depending largely on different technologies and architectures, any business could be the victim of a cyberattack. Just take Colonial Pipeline as the most recent example. Their primary business is pulling dead dinosaur mush out of the ground, but when you can’t bill your clients your business must come to a halt.

Unfortunately, our calls have gone unheeded, and this problem has gotten ahead of us.  I will still be fighting with the rest of my IR brothers and sisters, as well as the countless IT folks who are pulling long weeks after a breach.  But we’ve reached an inflection point…it’s time for legislation to stop payments to ransomware criminals and to severely penalize companies and individuals, including possible criminal liability, for ignorance of proper security. 

More and more businesses will be targeted, and more successful attacks like the one on Colonial Pipeline will occur when industries across the board do not take a hardline stance on cybersecurity. Security breaches not only impact the affected business but also its customers. If your business is compromised due to a successful cyberattack, there is most likely going to be a breakdown in your operations and delivery of goods or services to the public.

Therefore, as the economy continues to become more reliant on digital communication and transactions, more attacks on businesses will take place. As these attacks make life increasingly inconvenient, and potentially less safe for customers, the general public will become more aware of this issue and hold businesses accountable for their cybersecurity programs. I hope we don’t have to get that point. I hope all businesses will start to prioritize cybersecurity right now, and not wait until their bottom line is affected by a hacker sitting in a dark room. For the sake of your business’s longevity, reputation, and concern for your customers, it’s time we end the era of faking security.

Investment in a holistic cybersecurity plan needs to be a top priority in today’s environment — a pillar that all businesses use to stand upon. You can’t “fake it ‘til you make it,” anymore — at least not with cybersecurity, because your business might not make it out of 2021.

With hope,

Lou