Cyber-attacks & what to do?

I am writing this article out of pure curiosity, care, and experience from over 35 years in technology. This past week CDK Global suffered a cyber-attack backed up by a ransom request. 15,000 car dealerships throughout North America had their businesses disrupted. This does not include the numerous vendor partners the dealerships have, such as automotive repair shops. These businesses will be dramatically impacted for weeks and the loss of revenue will be tremendous.

Ticketmaster (a Live Nation Entertainment subsidiary) was hacked back on May 31, 2024, and 500 million Ticketmaster customer records were stolen.

On February 21, 2024, Change Healthcare (CHC), owned by Optum, a subsidiary of UnitedHealth Group, was hit by a cyber-attack. CHC provides pharmacy point-of-sale services, including eligibility lookup, prior authorization, and billing for Iowa Medicaid members who receive care through a fee-for-service arrangement. CHC systems came back online March 28, 2024 and are processing pharmacy claims for Iowa fee-for-service members. (Credit: hhs.iowa.gov website.)

Listed on the iowaattorneygeneral.gov website are 58 businesses and subsidiaries that have reported a cyber incident just from January 2024 to June 2024. Incidents involving 500 or more Iowa residents must be reported. There are a variety of business types and sizes listed on the site. The Iowa Attorney General has mandated the tracking of security breaches since 2011.

The headline on Main Street USA is that cyber criminals are getting more and more proficient and sophisticated with their tactics and tools.

My questions are: if the cyber criminals are getting better at what they do, what about the hardware and software manufacturers, what about company executives, what about technology departments, and what about end users?

What is the attitude towards cyber-security in most companies? How do you know if the software you use to run your company has been tested and continues to be properly patched to help defend against vulnerabilities?

How many companies are truly building their technology stack and limiting their cyber security risk both upstream and downstream as part of their core values?

Throughout my 35-plus years, I have seen technology developed and deployed in businesses across a large swath of industries around the globe. I have seen the technology landscape advance and security move from a focus on protecting the network layer to protecting all seven layers.

I would like to suggest that the technology stack needs to be eight layers with the formal addition of the Human layer.

Nothing is done or created without the human layer first being involved. Humans decide what to spend on, act upon, see, ignore, or allocate resources to. Even today's AI is built on these fundamentals.

Perhaps the cyber criminals are not really getting so much better; maybe companies have taken their eye off the ball on keeping their organizations safe?

I have heard everything from employees saying they are not technology savvy as an excuse for clicking on malicious emails, to executives not being very concerned about being attacked via the technology that runs their company. Yet how many businesses spend money on building access systems, cameras to monitor their premises, and even door locks on executive offices?

Do you know how much of an impact a cyber-attack has on the employees? If a business has to spend $10, $20, or $50 million or more just to recover from a breach, how does this impact the average employee of that company? Less money for pay raises, benefits, and awards, as well as lay-offs, etc.

  • Train your employees about cyber security threats and technology.
  • As you build your Business Continuity/Disaster Recovery plan, look upstream and downstream.
  • Ask yourself, should your business rely on a single vendor's software? If so, vet them completely and have contingencies in place.
  • Make sure your contingency plans or providers don't overlap. For example, your contingency vendor may actually use the same software as your primary vendor. That is what a number of businesses found out with the CDK Global cyber-attack outage.
  • Don't spend more time and energy on watching your visible company entry points than on the entry points (technology) that you cannot see with your own eyes.
  • Fully understand how your software and hardware vendors are going to protect your business.

Please feel free to post helpful comments related to this article so we may all learn and hopefully safeguard our businesses.
