Updated: Feb 2
We’re living in a technology renaissance, where it’s constantly changing and becoming more innovative, including cyberattacks. The more you watch the news, the more you will hear about security breaches among every type of company, big and small, due to a lack of cyber security measures. So, why does this keep happening? Antiquated systems can drive vulnerabilities leaving a perfect setup for hackers to exploit. This is because the technology that is antiquated wasn’t built to withstand today's sophisticated hackers. As hackers continue to develop their skills, designing new ways to take advantage of exposures your technology has not adapted if it's antiquated. The inability to be notified by your systems has been compromised and quickly intervened when your hackers have the upper hand. In these instances, companies big and small become reactive and quickly realize that putting things off or doing it in-house to save money is not the way to avoid such a disaster. When a cyberattack happens, now you are doing reactive problem solving, which puts everything else that was a priority on the back burner, while you now try to deal with this issue at hand. It’s clever if you really think about it. Companies that are being complacent can quickly become easy targets for hackers. Espionage is not a new concept; militaries around the world have been using this tactic for years. Hackers are just taking a page out of the military's playbook and frankly one-upping them.
You may be thinking, how can a hacker know if we did or did not invest in technology? I would ask you the same thing. How easy is it to look at a client list on most software and cyber websites? It’s even easier to just try to break into your systems; they will keep trying until they find your exposure. Still don’t believe me. I’ll also let you in on a secret. Code is written by people, and people are flawed.
Code writing is important; code-breaking is fun.
I remember back in college reading a very famous book by David Halberstam, “The Making of a Quagmire.” It was my first introduction to a term and tactic that has stuck with me since Guerrilla warfare. I can’t tell you I’m a history buff, but I do enjoy history. It’s described as the type of warfare fought by irregulars in fast-moving, small-scale actions against military and police forces, and on occasion, against rival insurgent forces, either independently or in conjunction with a larger political-military strategy. This strategy was impactful and deadly during the Vietnam war and is similar to the cyber-attacks we see today - silent but deadly.
It’s guerrilla warfare on our already vulnerable cyber landscape. As a business owner myself, I can relate to having too many things to do and not enough time in the day to do them. It’s easy to prioritize the everyday tasks, phone calls, video meetings while putting some of the larger undertakings on the back burner. You know they are there; it's just not top of mind until something happens.
It’s very important to look at how we spend our time and resources. You have to make sure your technology is capable of protecting your assets, data, client information, and company information as well as still being the right solution for your business and team. Have you designated the budget and actual time to analyze your current technology as well as change what is no longer working?
Technology budgets are often dedicated to maintaining legacy systems rather than upgrading and protecting your data and information.
It’s no longer about a hacker guessing your passwords or sending you a phishing email. Hackers are far more sophisticated and continue to improve their skills. They are not looking to guess your password and gain access to user-level information; they are looking for your system's vulnerabilities and Zero-Day Vulnerabilities. This may be the first time you have heard this term, and if so, I hope to etch this in your memory forever. If you use any kind of technology for your business, you’ll need to stay on top of this. A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn't have a patch in place to fix the flaw, leaving you exposed to someone just looking for an opportunity. Essentially, it’s a known flaw without a patch. Antiquated technology will have fewer patches, more opportunities for exposure, which cannot easily fend off today's hackers.
Go through a process map
Review your technology stack and your push and pull
Look for your digital exposures on the map
Find and replace antiquated technology with technology built to defend
Review your cyber plan
Test the plan often
About the author: Cornerstone Paradigm Consulting, LLC an industry-agnostic business operations consulting firm going beyond the symptoms to get to the root cause of your business issues.