For those of us who research and develop software to keep businesses several steps ahead of the ever-vigilant cyber attackers, the environment we live in is more challenging than ever.
We know that even as we develop what we believe is the very latest, cutting-edge cyber protection, there’s a chance it won’t do its job everywhere because of a failure in the chain of use.
In speaking with a group of business owners recently, I described the atmosphere to them as “the countdown to chaos,” referring to the ever-quickening frequency of cyber attacks.
How bad is it? Three years ago, there were more than 700 million records lost in data breaches worldwide. Comparatively, that seems like “the good old days,” given what’s taken place since. Two years ago, the number had jumped to 1.1 billion records, and a year ago it was 2.5 billion. That’s 7.1 million per day and 297,000 per hour. The FBI believes that cybercrime will be a $2 trillion economy in 2019.
In a word, “ouch.” Cyber threats are big business, one with an ever-increasing appetite.
So, where does this all end?
We will probably never stop cyber terrorists and hackers. What we have as an advantage is the capability to develop ever more sophisticated software and programs to thwart attacks.
That’s good. But it does not alone solve a growing problem.
Yes, for a business owner to have the strongest fighting chance to protect his/her infrastructure, having the best protection available is a key starting point.
Then comes the rest of the problem.
What’s needed is greater, more meaningful communication between software developers, IT professionals, and the end users (the clients). Too often, each part of the solution operates independently of the others. Even the latest and greatest in cyber protection software will not work at 100 percent efficiency if the end users are not trained extensively on how to avoid the situations that get them into the predicament of needing cyber protection in the first place.
As hackers become more clever, and the language of their messages comes closer to that of a “normal” email, it is more incumbent than ever on outsourced IT managers to do more than simply make informed decisions on software purchase and implementation. The role of the outsourced IT provider needs to be stepped up several notches, to making certain that their clients undergo training and education, from the simple (“remember, you didn’t win the lottery, you don’t have a Nigerian uncle, and bank accounts don’t change mid-transaction”) to the more fundamental (establishing and adhering to strict policies about personal devices and what can and cannot be stored on them).
And every IT provider should insist that their clients’ sites are tested for vulnerabilities (i.e., “hack attacks by the good guys”). The level of sophistication of hackers is such that these vulnerability tests should not be performed by the IT providers but rather by cybersecurity experts who are up to speed on the latest threats and the latest remedies.
Software developers can train the IT providers on the specifics of the protection, but the IT providers need to do a better job of educating their end users on how to avoid falling into cyber attack traps and insisting on infrastructure vulnerability tests.
Every link in this chain of cyber protection is critical to assuring end-user clients of their best chance to keep their information safe. Remember, those cyber attackers take their work very, very seriously. The clients we serve deserve no less.