The news today is flush with salacious stories of cyber-security breaches, data held hostage in brazen ransomware attacks, and compromised records and consumer information. So too has the fallout become increasingly familiar: broken trust, ruined brands, class-action lawsuits, and prolonged periods of finger-pointing.
In September 2017, news broke that consumer credit reporting agency Equifax had suffered a catastrophic breach the preceding May. Hackers gained access to the personal data of nearly 150 million American citizens – roughly two thirds of the country’s population – including full names, Social Security numbers, addresses, and dates of birth. The swiftly unfolding scandal sent the company’s stock plummeting 33%, a market value loss of approximately ten billion dollars. Currently, three Equifax C-Suite managers are under federal investigation for allegedly dumping stock prior to disclosing the breach.
The digital sphere has always been rife with pathogens. Elk Cloner ravaged Apple IIs by way of contaminated floppy disks in 1981, and Brain infected IBM PCs in 1986. Initially little more than nuisances concocted to spread chaos and frustration, today malware is a primary tool of lucrative (if fragmented and decentralized) criminal enterprises whose foremost goal is financial gain through extortion and embarrassment.
The high-profile nature of certain attacks – Equifax, Anthem, Home Depot, Yahoo, Sony, and Uber, to name a few – obscures the fact that while the form, scale, and intent of attacks tend to vary, the threat looms over organizations of every stripe and size – private, public, and not-for-profit alike – in every corner of the globe. Colleges and universities have fallen prey to costly ransomware attacks, havoc has been wreaked on banks in Italy, Canada, and Bangladesh, and Russian hackers hijacked the 2016 federal election through a simple phishing scam. Such attacks are alarmingly easy to design and deploy. Phishing, for example, requires only a single distracted click on a link in an email or text. Once the automated malware has gained a toehold, systems and networks can be crippled in a matter of minutes.
Standing vulnerabilities are being exacerbated by the growing centrality of digital media in our day-to-day lives. The proliferation of devices means a multiplication of exploitable entry points, as does data stored across networked, hardware, and cloud-based platforms. The more sprawling the company or organization, the more exposed it may be, necessitating cyber-security strategies that cover partners, manufacturers, and suppliers. Not only are new dangers always emerging, but they can occur because of easy-to-make mistakes such as forgetting to update your OS, or through portals as unlikely as an IoT-enabled fish tank.