Foreign adversaries are targeting your small or mid-sized business

Mark Freedman
Rebel Global Security Blog
Oct 1, 2022

Photo by Devin Kaselnak on Unsplash

A few years ago, the U.S. Defense Department warned, “we are facing increased global disorder, characterized by decline in the long-standing rules-based international order — creating a security environment more complex and volatile than any we have experienced in recent memory.”

This global disorder has repercussions for U.S. companies. Small and mid-sized businesses, particularly those in sensitive industries like technology, defense, and energy, are extremely vulnerable to attack by foreign nation states and cyber criminals.

Once a business is attacked, the statistics are dire. Sixty percent of small businesses that suffer a cyber-attack go out of business within six months. And while cyber is a critical threat, there are other types of risks that can be just as consequential and that most executives don’t even know are out there.

If you’re a CEO, you need to become familiar with the global threats that could impact your organization. Then, you can take some basic steps to protect your business.

Trending Threats

Threats are constantly evolving. As a CEO, you should get smart today on ransomware and emerging threats from China and North Korea.

Ransomware: The threat of ransomware is increasing. According to a recent report from cybersecurity company Sophos, 66% of companies were hit by ransomware in the last year and the average ransom payment was $812,360. For many small and mid-sized businesses, the financial burden of such a payment is enough to put them out of business, even before considering the potential legal and reputational risks.

Chinese spies: This summer, in an unusual joint appearance from the FBI and MI5, leaders of both organizations warned about the scale and scope of Chinese espionage against Western companies. The concerns are not limited to Chinese cyber threats, with FBI Director Wray noting Chinese operatives are “set on using every tool at their disposal” to target businesses.

North Korean imposters: North Korean IT workers are trying to get hired into remote positions by U.S. companies and are hiding their country of origin, according to a recent State Department advisory. Companies that fail to do their due diligence could be at risk from intellectual property theft, reputational damage, and even sanctions violations.

What CEOs can do

The thought that foreign intelligence services and hackers might be targeting your business can be overwhelming. And, while it may help, outsourcing your IT and meeting compliance requirements are not enough in the current security environment. You can start with the following steps to reduce your security risk.

Develop deeper security consciousness: Typically, when companies talk about “security awareness,” they mean a 30-minute training that tells employees not to click the suspicious link in their email. Training is important, but it’s more critical that you, your executive team, and your employees develop a broader understanding of the security environment so everyone can have their antennae up — in short, creating a “see something, say something” culture. Assigning a team member to keep an eye on alerts and advisories from government organizations can help.

Take a fresh, holistic look at your attack surface: In light of rising threats, it’s a good time to look closely at your organization’s attack surface. Most importantly, you need to remember that security is not simply an IT problem that can be handed off to a managed service provider and forgotten about. Threat actors can exploit weaknesses in your hiring and background screening processes, poor vetting of third- and fourth-party vendors, or even a breakdown in communication among your executive team. A bit of extra attention to these issues will go a long way in preventing a security incident that could mean the end of your company.

Buy cyber insurance: If you don’t currently have a cyber insurance policy, now is the time to get one. If your organization is compromised by a breach, cyber insurance can help you cover the costs of everything from incident response and remediation to crisis management and public relations. Premiums have been increasing, and there are few indications that trend will change. Therefore, you should buy today instead of tomorrow. Cyber insurance is one of the quicker fixes that can help you sleep easier at night.

As global threats continue to rise, security will need to be ingrained in every business. CEOs who act now to go beyond a check-the-box approach will place their organizations on much stronger footing for the coming years.


Mark Freedman is CEO & Founder of Rebel Global Security. He is a former strategy consultant and State Department officer.