SPC CYBER SECURITY was created in sunny Fort Lauderdale Florida. For everyone who keeps up with the news, it has become impossible to ignore the signs over the past five years that major crime is occurring online at an alarming rate. Major breaches at companies such as Target, Ashley Madison and Sony are becoming the norm losing the classification of being isolated incidents. As we see more of these kinds of examples, we become numb and try to go on with our lives thinking that these major type of companies and their large budgets will keep us and our important personal information safe. This unfortunately is not the case as while you may not read about it on the front page of the New York Times, it does not mean that small to middle size companies are not being breached every single day. Approximately 60% of Advanced Persistent Attacks occur on small to middle size businesses who are simply not prepared. Hackers do not discriminate based on the size of the company size nor do you know how valuable all the different kinds of data (no matter how raw) are to them. The saying “you don’t care what they know until you know how much care” rings loud and true.
Just like with everything in the history of civilization, new industries created through the evolution of our day to day functioning bring positive and negative effects and these negative effects must be managed for us to say the hi tech revolution is/will be a positive one. Before they can be managed, the decision makers at companies must understand what kind of critical risk they are dealing with and not underestimate the value of data held within their network. While a business may not offer desired data/assets to a hacker, that company’s clients are another story, look at the Target store breach as a perfect example. It was through the HVAC vendors network that the hackers were able to enter Target’s network and get all the way to Target’s point of sale system stealing millions of dollars.
The concept of fire is highly comparable to the cyber industry at every level. As history has shown us, there is no way to 100% avoid the threat of a fire, it does not care what you did yesterday nor what you do tomorrow and it will not stop until it has taken everything. Through the centuries we learned more about fire, prevention became governed via legislation, detection was put into place via smoke detectors, response via water sprinklers and fire extinguishers and finally recovery via insurance and recover plans. Our approach to fire has matured over time and we are now at a place whereas fire incidents are down by approximately 50% since the 1980’s. But because the threat of fire is ongoing, businesses must have a mature approach to fire and the same applies for cyber security. Businesses must understand that there is no way to avoid the threat of a network breach through vulnerabilities exploited however solutions should be put in place to prevent, detect, respond and finally recover from them. Cyber threats are here to stay with the surface area of a potential breach expanding every day as more day to day functions go digital creating additional vulnerabilities and it only takes one for an adversary to exploit your network. Cyber insurance should be considered as equally if not more important than fire insurance based on cyber incidents skyrocketing and ever evolving. Recently Bank of America released a statement that they had raised their annual cyber security budget to 500 million dollars and that it is the only budget line item on their operating budget that has no limit. This is an example of a company acknowledging that cyber security is priceless and a moving target.
Unlike the physical world, there are no real rules or boundaries so understanding and countering the threat is no easy feat. The department of justice is doing everything in their power to find ways to use the current laws in the most elastic ways possible to illustrate to our adversaries that the punishment is not worth the crime. Once “crypto lockers” for instance take control of your data, it is next to impossible to regain control of your data without them providing the decryption key usually after a ransom has been paid. Companies cannot afford to rely on the legal system though and while there is no silver bullet, they must implement offensive and defensive security tools to create a mature security posture.
Larger companies still find themselves in a better position to middle size markets because of budget, press coverage, the DOJ’s attention etc and for this reason SPC CYBER SECURITY was formed. We provide solutions to companies of all sizes that are feasible, service orientated, understandable for non-technical people, ongoing and full service. We are invested in educating the public through our “cyber hygiene” campaign and gaining more press coverage which in turn should expedite the efforts from a legislative perspective in the long run.