- Compliance & Regulation, Technology
Share
Every company—from the largest tech giants to small businesses you’ve never heard of—faces the possibility of a cyber threat. Every minute of every day, cybercriminals turn to the internet to attack companies around the globe. How bad is it? Estimates from Cybersecurity Ventures predict that the damages related to cybercrime will hit $6 trillion—and will thus cost more than all natural disasters in a year. Ransomware attacks strike every 14 seconds and financial services institutions remain a top target for malefactors, according to Cybersecurity Ventures.
The toll that such a breach takes on your organization hinges upon how well you have prepared during peacetime. That means now. Alarmingly, leaders at many companies—from management to the cybersecurity team—cannot answer crucial questions about who targets them, what vulnerabilities employees leave open in their networks and what data, if any, has already been compromised.
Worryingly, cyber threats continue to grow exponentially with no end in sight. The World Economic Forum’s 2019 Global Risks Report ranks “massive data fraud and theft” and “cyberattacks” as, respectively, the fourth and fifth most likely global risks to occur over a 10-year horizon, solidifying their position alongside environmental risks in the high-impact, high-likelihood quadrant.
In response, companies have invested millions into enhanced security measures—yet these same institutions still feel powerless on the virtual battlefield. The current standard approach has not kept up with ever-evolving threats from bad actors. Cybersecurity challenges continue to plague boardrooms worldwide.
So where do we go from here?
Currently, companies sit connected to the internet as unknowing defenders. Let’s banish this reactionary outlook to the past. In this dangerous environment we now inhabit, we must stay ahead of digital wrongdoing by embracing a novel approach to risk management—an approach I call “cyber vigor.” Gone are the days of responding only after a crisis. Now it’s time to become a proactive defender, unmasking the identity of bad actors and knowing what’s happening to your data through identity threat intelligence.
Audit committees of boards will need to push past the usual security questions of yesterday. To produce a stronger defense and think strategically, CIOs, CFOs and CISOs must prepare to answer more penetrating questions, such as:
Using identity intelligence, companies can ensure that credentials stolen from past consumer breaches aren’t used to access corporate systems. After a consumer data breach occurs, cybercriminals can seize the personal passwords of victimized employees and reuse them in professional settings—and thereby unlock valuable corporate data and company trade secrets. Understanding what employee data has been comprised enables a proactive defense and can minimize future exploitation.
Cybercriminals will always evolve and employ more sophisticated attack methods. In response, we must understand who the bad actors are and what data or resources they’ve seized. With a cyber vigor approach, organizations can assume a proactive stance and strengthen their defensive efforts. Without it they will remain in reactive mode, continuously under threat by the unknown. Nor will they take any comfort in the known threat that usually follows—for as Target, Marriott, Equifax and other victimized companies can attest, massive data exposure often leads to poor media exposure.
George de Urioste is the chief financial officer of 4iQ, a cyber intelligence and identity theft organization based in Los Altos, California.
Become a member to unlock exclusive content, connect with industry experts, and gain access to valuable resources
If your employer is an institutional member, activate your ProSight membership benefits with a simple email address.
