Operating under a constant threat of cyberattacks is the new normal in today’s enterprise. It’s no longer a question of how to fix the problem but rather, “How can we prepare the company to deal with cybersecurity threats every minute of every day?” Here’s why:
AS SEEN IN HARVARD BUSINESS REVIEW, SEPT. 2015
Hacking is a rapidly growing global industry generating billions of dollars in illicit trade annually. This underground economic engine is fueled by a strong reseller’s market where hackers offer stolen credit cards, personal identities, and intellectual property on the “dark Internet” to buyers who will use them for personal gain or to inflict harm.
This cyber black market is maturing. In addition to stolen goods, sellers offer services such as money-back guarantees. Buyers can obtain tutorials on using stolen data or hire subcontractors to do their dirty work. And it’s not all about money. Motivations range from sectarian hate between nation-states to the bitterness of a laid-off employee. In our line of work, we see attacks designed to compromise a company’s competitive position, sabotage operations, and even cripple an entire industry.
Highly motivated hackers are both persistent and adaptive. They can unleash hundreds of different ways to attack your networks at once, learn, and try again. They have the luxury of being anonymous, always on the offense, and seldom prosecuted.
On the other hand, companies that do business on the Internet are highly visible targets. They don’t know when they’ll be attacked or by whom. They need to cover all those fronts without error, while the hacker needs only one opportunity. In short—hackers have the advantage.
It’s time for a new approach that acknowledges the “chronic” nature of this risk and faces it head-on.
At a minimum, we believe this requires:
A proactive strategy.
Defense is not the endgame. The cybersecurity team has the expertise and capabilities to handle a cycle of recurring engagement. They prevent where possible, detect what they couldn’t prevent, respond quickly, and predict what will happen next.
A tone at the top.
Boards and C-suite executives manage the risk at an enterprise level. They set risk tolerance and hear equally from IT and security leaders for a balanced view of enablement and risk mitigation.
The whole business is engaged in the prevention of hacking. Employee training programs are in place—from boardroom to mailroom.
Security requirements are enforced across business lines and with partners and affiliates.
At Dell SecureWorks, we use these approaches to protect our own assets and those of our clients. Learn more at: www.secureworks.com/cybersecurity-iq