Corporate America too often ignores the need to bolster cyber security.
Art Jacoby, Contributing Columnist – Baltimore Business Journal
Termites. The dreaded insect that strikes fear in the heart of every homeowner. The mere mention of the word makes millions of hearts beat faster and throats go dry. Termites cause an estimated $5 billion in damages annually in the U.S.
As a nation, we have high situational awareness of termites. We spend money protecting our valuable homes because the cost of defending is much lower than the potential financial and emotional damage. This is risk management working well: awareness and prudent actions taken by decision-makers to invest appropriately in protecting valuable assets.
Now, let’s shift our attention from the consumer to the U.S. commercial markets where there are $250 billion in annual damages of stolen intellectual property and cash. On top of that, there is difficult-to-measure damage from diminished confidence and/or reputation that depresses future revenue and earnings.
Unlike the comparatively easy-to-mitigate termites in your front lawn, these adversaries are diverse, attacking more frequently, increasingly sophisticated at avoiding detection and becoming more difficult to mitigate. They are formidable to say the least. “Even experts are scrambling to understand the issues and develop effective solutions,“ said Deepak Jain, president of Beltsville-based AiNET / CyberNAP.
As a nation of businesses, we have collectively shrugged our shoulders at this almost invisible menace. My primary and secondary research over the past several years attributes this inaction to these beliefs by CEOs, CFOs and boards of directors.
These are some of the common mistakes:
• Denial: My business is not a likely target.
• Under-estimating adversaries: My systems are safe and my IT staff, advisers and technologies are fully capable of protecting us properly.
• Regulatory compliance: We are meeting current regulatory requirements so additional action is not required.
• Overwhelmed: I don’t know where to begin so I’ll deal with it later.
• Waiting for the silver bullet: Somebody’s going to come up with a simple solution so I’ll sit on the sidelines for now.
• Budget constraints: I’m unwilling to divert funds from other uses.
For many businesses, these answers fall short of proper and prudent governance and leadership.
Say hello to the most common cyber threats to your business today: phishing, trojans, worms, unpatched software and, for those businesses with especially valuable assets and operations, advanced persistent threats.
They’ve likely already visited your business, possibly dozens of times, and they may be with you right now — quiet guests who will “help themselves” to whatever they want.
Since you’ll be using your mobile phone in the next few minutes, a word from Cleve Adams, CEO of AirPatrol in Columbia: “Even though we all carry one, we often forget about mobile when thinking about cyber. These smart phones, tablets, etc are much more than little PCs and require different measures for accurate protection.”
Think termites. Improved security is one click away.