Jan 24, 2019 11:54 AM
Making Madison
with Buckley Brinkman
Betting against the house, only worse!
I enjoy a little gambling from time to time. My game of choice is blackjack and there’s nothing quite like having a few dollars riding on the flip of a card. I’ve never had a huge win, but I’ve never lost much either. That’s because I wager within reason. Nothing outside of what I would regret losing.
Most business leaders are more conservative than me. The best ones run tight ships and limit unreasonable risk in their operations. They make careful, incremental investments, and there’s always a “Plan B” should any of their initiatives come up short.
That’s why it surprises me that so many of these same people gamble with their companies. This particular gamble has terrible odds — much lower than betting against the house in Vegas. Less than 40 percent of companies survive this gamble, yet 100 percent of organizations will face this exposure. Still, very few companies take proactive stances, putting their entire entity at risk.
Of course, I’m talking about cybercrime and its impact. Almost every company is under attack every day. In fact, the director of the FBI said, “There are two kinds of big companies: Those that know they’ve been hacked by the Chinese and those that don’t.” Everyone is affected by expanding cybercrime and the criminal industry behind it.
I hear many of you say, “I’m too small for them to be after me. I don’t have anything they want.” That was a good defense several years ago, but the threat changed. In bygone days, these were targeted attacks, aimed at specific companies and opportunities. Now, these attacks are mass-produced with much broader reach, can be made for free, and are designed to harvest funds from many sources. These criminals want your money, not necessarily your data.
It’s frustrating watching so many smart people get burned. There are many examples — both inside and outside Wisconsin — where intelligent folks were victimized. Some are amusing, like the cybersecurity expert locked in a client’s computer room for 16 hours. He went on site to test physical security and employees led him into the inner sanctum, but a double lock prevented him from leaving. In another, an auditor clicked on her company’s test attack. As a result, she’s in remedial training to avoid future phishing attacks.
Other examples are more serious. In one, a manufacturer sent $250,000 to establish a new supplier in the Far East. The incident ended when the firm’s banker asked an astonished CEO why he was wiring so much money to an unknown address. Other scams divert company receivables by directing customers to pay a new lockbox without company knowledge. We know companies that lost hundreds of thousands of dollars in that scheme. As you can see, stolen data is just a fraction of the attacks. We’ve seen multiple situations. It frustrates me because we can’t help unless we’re asked.
Why do so many companies ignore such a real threat? We continue to see it all over Wisconsin. Cybersecurity rarely makes it to the top of the priority list. Then, one of two things happens: companies in the Department of Defense (DoD) supply chain will have a supply contract come up for renewal and then discover they are not in compliance with the NIST Cybersecurity Framework — a requirement for over a year — and their contract is not renewed, or companies not supplying the DoD usually get religion when one of their friends’ companies is breached. Suddenly, cybersecurity becomes important.