How unsecure is your workplace?

Anne Hardy
Join Digital


According to Cybersecurity Ventures’ annual cybersecurity report, cyber-attacks are the fastest-growing category of US crime, with damages estimated to exceed $6 trillion by 2021.

The risks are real

Ransomware attacks now hit organizations every 14 seconds. Why are we seeing so many attacks, and why can’t we prevent them? The reality is that cyber-criminals are getting ever more sophisticated, often working as part of well-coordinated organizations, and can now easily acquire the tools they need to detect and then exploit vulnerabilities in networks and applications.

Smart buildings are particularly vulnerable to cyber-attacks thanks to their extensive systems integrations. In the first half of 2019 alone, 37% of the computers used to manage smart building automation systems were affected by malicious cyber-attacks, according to Kaspersky’s Smart Building Threat Landscape report.

Why are cyber-attacks growing? What is contributing to this trend?

Unfortunately, the fundamental architecture and building blocks of the Internet were built on the assumption that users are trustworthy. When hackers and cyber-attacks started to appear, we applied security band-aids in the form of access controls, firewalls, encryption, and more. Today, cyber-criminals find their way through or around these band-aids too easily. Despite all the security technologies and tools now on offer, we need a more radical shift in our thinking. Many people are advocating for an entirely new Internet, secured by design for our new world, in which everyone is mobile and everything is connected.

The fact that today’s Internet is not secure certainly presents us with a massive challenge — it is the underlying platform that connects people and transmits data across the planet. And we’re only stretching its limits further as it increases its reach.

What can we do about this?

While we arguably really do need a new, security-first Internet, there’s plenty we can — and should — be doing right now. We can:

  1. Always design hardware and software with security in mind. Security should never be an afterthought.
  2. Ensure that the key security building blocks — authentication, authorization, monitoring — are as strong as they can possibly be.
  3. Regularly reassess the security policies of our vendors and partners, understanding that securing the supply chain is perhaps the most overlooked security issue right now.
  4. Be diligent about the update, upgrade, and patch process. When vendors or partners release security patches or updates that address vulnerabilities, we must apply them immediately.
  5. Adopt an assume-breach mentality: no matter how much we protect our people and data, we must expect that we will be breached. We need to prepare for that and plan what we will do when it happens.
  6. Plan for incidents and conduct tabletop exercises to test our plans. We must ensure that employees, vendors, and partners fully understand their role in cyber-attack prevention — and help educate them when they don’t.

It would be great to hear from you! Share your feedback and experience in the text box below.
