This post is part of a series on Cybersecurity.
It’s understandably a huge story when millions of credit card numbers are stolen from a household-name retailer. But the retail industry, banks and other types of businesses that collect payment card information are not the only targets of pernicious hackers.
Attackers come from all walks of life and are driven by a wide variety of motivations. Some are inspired by extreme loyalties to other countries or corporations. This has been the case in the energy sector when, for example, adversaries hack into the supply chain in an effort to disrupt oil production. It’s also been the motivating factor in many cases of insider theft when trade secrets are siphoned out of a business’s network and provided to a competitor. Terrorist organizations can view interfering with private industry as a means for wreaking widespread financial and physical havoc. And hacktivists use their deep technical skills as a means of protest – often for freedom of information, but any cause or principle can be the stimulus.
Even for financially motivated attackers, credit card numbers aren’t the only target. Account logins, email addresses, social security numbers and even information about weaknesses in a business’s networks can be sold through a highly developed underground marketplace. Cyber extortion, when an attacker gains control of a system and holds it for ransom, is also a popular money-making tactic. Today’s hackers are well-resourced, robustly funded and highly organized.
Bottom line: no business or sector should assume it’s safe from these ambitious, dedicated criminals. If you have a business to run, you have something of value to hackers and therefore you have something you must protect. Valuable information is everywhere, in every sector.
So what’s the solution? To start, it’s recognizing a paradigm shift. Cybersecurity is an executive-level issue. It can no longer responsibly be delegated to the IT department. While there’s no sure-fire defense against cyber crime, safeguarding a business requires executive management to dedicate their own time and resources to support information security. Company leaders know what digital assets are of the highest priority to their organizations, and only they can coordinate the various critical stakeholders – legal counsel, compliance professionals, security experts and IT professionals – to ensure that information is managed with the utmost care and protection. Accepting this obligation is a must for leaders in every sector: if you don’t shift your thinking about the problem, you do so at your own risk.
Erin Nealy Cox is the executive managing director at Stroz Friedberg, a global leader in investigations, intelligence and risk management.
Image by Anton Chiang.