Trickle-down insecurity

Recently, I applied for a position with a security solutions company. Writing the cover letter, I was reminded of an incident I’d expunged from my mind.

In early May, I hopped on my trusty NordicTrack and was presented with the message, “This device has reached the end of its life. This device will no longer receive support or updates. Please visit https://somecool.website.com to get an awesome deal on a new piece of equipment.”

OMG.

Nothing made sense. Why hadn’t I’d received an email, saying support was being discontinued? I knew my machine was sadly outdated with a 6-year-old user interface, but I’d found a workaround that enabled me to display a new workout every day and connect with the online user interface.

I restarted the machine, and the same message appeared. Then it occurred to me. My machine was infected with malware. Did the culprit creep into my house via an unprotected device? Leap over the firewall? Skedabble through my router?

For a few days, I endlessly restarted my NordicTrack, hoping everything would magically be restored. Exasperated, I explored the settings menu, and discovered I could do a factory reset. Success!

Proliferation of entry points

Before the internet, spotting and avoiding scams and miscreants was easier. The handyperson knocking on your door, offering to resurface your driveway, fix your roof, and perform other tasks for a low, low price raised suspicion. An offer arriving in the mail or publication to make millions overnight was treated equally with caution. Ditto for the fast talker on the phone.

Now everyone, every business, every enterprise is vulnerable through a multitude of conspicuous and inconspicuous channels. Often, there’s no way to detect an intrusion, a compromise, a swindle until it’s too late.

Worse, there’s no way to keep up with the multiplicity, and persistently changing, potential entry points. PCs, tablets, and smart phones. Connected devices and personal assistants. Emails and text messages. Tainted clickbait, ransomware, and deceptive URLs. And that’s just the “stuff” that consumers need to heed.

"Passwords are like underwear: Don't let people see it, change it very often, and you shouldn't share it with strangers." Chris Pirillo, American entrepreneur

Businesses and organizations have hundreds, even tens of thousands, of entry points they need to monitor, considering the devices their employees are using, customer touchpoints, and breadth of IT and networked infrastructures.

Defining a security perimeter gets more challenging with cybercriminals looking for cracks, holes, and opportunities to topple defenses and breach firewalls.

Security a mutating virus

There are many learnings from coronavirus (COVID), in particular, it mutates. Security is no different.

According to the 2022 Cybersecurity Almanac, if measured as a country, the cost of cybercrime damages – $6 trillion USD globally in 2021 – would be the world’s third-largest economy after the U.S. and China.[1] The same publication estimated the cumulative global cybersecurity spend will reach $1.75 trillion between 2021 and 2025 with a consumer or business suffering a ransomware attack every two seconds by 2031.[2]

The only positive outcome is the growth of new industries, companies, and roles with the global perimeter security market to grow from $67.15 billion in 2022 to $149.05 billion by 2032.[3]

A rapidly growing industry is cyber insurance, which protects business and individuals from internet-based risks, which typically cover security responses, data recovery, ransom demands, system failures, and other types of damages that disrupt or compromise operations. On average, 48% of companies have invested in cyber insurance, and no doubt more will recognize the value of proactively buffering against attacks.[4]

Logically, the cybersecurity industry offers more job security than many other professions. Economic upheavals, political instability, automation, disruptive technologies, and natural disasters are no match for the persistence of cybercriminals. According to the U.S. Bureau of Labor Statistics, the need for information security analysts will grow by 35% from 2021 to 2031.[5]

And of course, security companies are blossoming. Some target specific industries, others tackle universal challenges. And increasingly, companies are having to invest in multiple solutions to cover the range of threats to their firewalls, endpoints, cloud, mobile devices, operations, and compliance. 

Not “if,” but “when”

The corollary for individuals is to be vigilant, avoiding hazardous situations like accessing financial records over unsecured networks, recognizing every connected device is at risk (including exercise equipment), and staying up to date on emerging threats and schemes.

It’s not easy.

Our interconnectivity is fabulous, but it comes at a price. Just as we’ve learned how to avoid getting a virus, we need to assemble an arsenal of behaviors and tools that protect our personal identities, data, and devices, and that of our family and friends. We need to recognize that while we have no control over cyberattacks perpetrated on businesses and organizations, the outcome trickles down. At the minimum, we’re temporarily inconvenienced, and perhaps more wary of the integrity of the enterprise.

Finally, we need to accept the probability that becoming a victim of cybercrime isn’t “if,” but “when.” And when it occurs, we need to act decisively to isolate and remediate the incident. My shortsightedness in thinking rebooting my NordicTrack ad nauseum was the solution could have jeopardized other devices on my network.

Just like an illness, the longer you wait to seek a treatment, the more likely it can spread and cause undesirable outcomes.

Thanks to FLY:D for their photo on Unsplash

If you like what you’ve read, check out some of my other articles on LinkedIn and consider me for your next marketing or communications role. I promise not to click on phishing emails.

[1] 2022 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics

[2] Ibid.

[3] Global Perimeter Security Market Size to Worth USD 149.05 Billion by 2023

[4] Share of organizations with cyber insurance coverage in selected countries worldwide in 2021

[5] Occupational Outlook Handbook, U.S. Bureau of Labor Statistics