Hailed as the world’s leading business strategist, award-winning professional speaker Scott Steinberg is among today’s best-known trends experts and futurists, and the bestselling author of “Think Like a Futurist”; “Make Change Work for You: 10 Ways to Future-Proof Yourself, Fearlessly Innovate, and Succeed Despite Uncertainty”; and “Millennial Marketing: Bridging the Generation Gap.” He is also the president and CEO of BIZDEV: The International Association for Business Development and Strategic Partnerships. His website is AKeynoteSpeaker.com.
Cybercrime is today’s fastest-growing form of criminal activity, and the numbers around it are staggering. Case in point: More than 480 new digital threats are released every minute, and nearly half of all organizations suffered data breaches or high-tech compromises in the last year alone. Incredibly, fueled by the rise of coronavirus-related concerns and the operating uncertainties that they’ve created, these virtual disruptions aren’t just expected to increase in size and frequency going forward. They’re also expected to cost leading organizations more than $5.2 trillion within the next two years — more than an entire world’s worth of fires, floods and other natural disasters combined.
Moreover, experts say these estimates are actually on the low side. According to the FBI, they understate the amount of cybercrime happening today because most digital disruptions go unreported, with actual totals potentially clocking in as much as 10 times higher. Even more striking, studies show it’s not even criminals or hackers operating from outside your networks who pose the greatest danger to your operations. Rather, the single-biggest threat to your business today is expected to come from trusted sources: Internal employees, inside operators at business partners, or other users who already enjoy an approved presence on your systems and networks.
So, how can business leaders hope to fight back and respond to threats more rapidly, especially in an age where the number of high-tech interactions and online exchanges that we’re being asked to protect is skyrocketing daily? The answer lies in adopting a simple philosophy I call Less-Than-Zero-Trust thinking — wherein the first rule of cyber security is not only to trust no one, but to not even trust yourself. It also lies in adopting a range of both low- and high-tech security practices and measures designed to help your organization, as well as its people and partners, become familiar with exercising better security habits, and gain greater visibility into and control over network interactions. In effect, the more you ingrain a mindset of healthy paranoia in your staff, and the more you use advanced high-tech tools to defend your systems by constantly scanning for and predicting cyberattacks before they strike, the better you’ll be at defending your organization from digital threats.
On the low-tech end, this means providing regular IT security training for every member of your staff, and grounding it in problem-solving exercises based on common real-world scenarios and newsworthy events. (Not to mention regularly refreshing this training every 3 to 6 months, and holding partners to the same standards.) It also means promoting a culture of security in your business, in which users are skeptical of every request received — especially those that demand urgent attention, or warn of dire consequences — and take steps to verify these requests’ and senders’ validity through official channels. Likewise, greater security can be achieved here by tying multiple parties and layers of authentication to any financial transaction or user/system update of note. In effect, requiring two or more people to sign off on high-impact tasks allows you to minimize instances of human error, which is the single-biggest threat to high-tech security today. You can implement the best network security measures in the world, but all it often takes is just one phone call to con an innocent, unsuspecting employee into revealing compromising information.
On the high-tech side, implementing a less-than-zero-trust framework means regularly scanning all apps, systems, solutions and devices connected to the network to ensure compliance with corporate policy. Likewise, it also means regularly subjecting all of them to vulnerability and penetration testing, and routinely reviewing user access privileges to ensure that people only have access to features and systems they actually need to do their jobs. (In case a breach occurs, it helps to lock down these accounts and limit exposure.) But these steps alone won’t be enough to protect your business. You’ll also want to make a point to invest in artificially intelligent network cyber analytics tools, which use machine learning to scan networks, determine what passes for normal behavior or baseline activity, and report any anomalies. By using them, not only can you automatically get a level of real-time insight into what’s happening on your system that’s hard for users to hide from or disguise, you also gain the benefit of putting a self-improving security solution to work for you that can spot potential worries in a fraction of the time that IT pros can — and that can immediately act to quarantine or stamp out intrusions at their source when spotted.
Of course, keeping a modern business safe from network and data breaches isn’t as simple as instituting training programs or installing even the most advanced software tools. Rather, it’s a holistic process that requires your organization to promote a culture of security and growth at every level, and engage in a variety of routine activities designed to help you stay one step ahead of the digital curve. More than anything else, education and proactivity are key to mounting a winning defense here, as is encouraging employees to step forward and speak up when they’ve spotted something suspicious, or fallen prey to a scam. The more you and your teammates actively work together to stay on top of cyber threats, and the tricks criminals use to deploy them, the better off you’ll be. Likewise, the more you put technology to work on your side, the easier you’ll be able to rest knowing that someone’s looking over your virtual shoulder and has your back at every high-tech turn.