The Doyle Report: Common Sense Says It’s Time to Disengage with “Security Deniers”
What do Yahoo, Johnson & Johnson and the Democratic National Committee (DNC) all have in common? Easy: they all acknowledged that they were hacked in 2016.
They were hardly alone.
In 2016, Dyn, Symantec, iBaby and plenty of others came under fire, which raises the question, “Who is next?” The answer may be “everyone”—not because security consultants and service providers aren’t doing their jobs, but because customers aren’t doing theirs. No matter their market, size or savvy, customers have to believe that somehow, somewhere, someone will compromise their ICT systems. It’s not a question of if but when, experts say.
Despite this, most businesses willfully downplay if not ignore security risks.
This week, for example, RedSeal, the developer of a cyber security data analytics platform, released the results of a new survey on CEO confidence. The big finding: “more than 80 percent of CEOs are very confident in their firm’s cybersecurity strategies, despite the fact that security incidents have surged 66 percent year-over-year since 2009.”
Tellingly, on the very day this news dropped, “The Wall Street Journal” reported that “Republican Leaders Join Call for Probe of Russian Hacking of U.S. Election.”
Why do business and government leaders fail to appreciate the size and scope of the problem? Blame over-confidence and arrogance—human weaknesses, in other words. RedSeal found CEOs “still prioritize keeping hackers out of the network.” This, of course, is outdated thinking, akin to trying to contain a virus by restricting the movements of those who cough. A better idea? How about having a comprehensive plan to deal with a contagion once it reaches a community, company or computer system?
I’m baffled by “security deniers.” What more warning do corporate officers need than what has been reported in the last few months alone? Just today, A10 Networks sent over a list of 2017 predictions from Chase Cunningham, director of Cyber Operations at the company. He’s a former U.S. Navy chief cryptologic technician who supported U.S. Special Forces and Navy SEALs during his three tours of duty in Iraq. He knows a thing or two about bad actors. His list of predictions for 2017 includes the following:
- DDoS attacks get even bigger
- Automobiles become a target
- The threat of ransomware grows, and…
- Point solutions no longer do the job
To help your customers in 2017, you’re going to have to persuade CEOs, even stubborn ones, that two immutable truths prevail today: bad actors won’t stop until they have compromised every organization’s data, systems and applications, and employees are some of their most vulnerable assets—far more so than the security cameras, Dropbox accounts and personal devices attached to their digital networks.
Why? As I explain in “The Digital Revolution,” a thought-leadership book published by Pearson Press, “We are human.” By that I mean we have our frailties. Hackers know we are vain, greedy and hurried, and prey upon these conditions daily. As a result, “we click on things we shouldn’t, search for things we ought not to, and ignore common sense for the sake of expediency.”
The CEOs of your customers should know better—and so should you. If they choose to tempt fate, then that’s their business. But it shouldn’t be yours.