LOL, We Don’t Have Any Data Worth Stealing
Why don’t people take security seriously?
That is the one-sentence reply I received recently from a potential client after I invited him to a webinar introducing a new SaaS security product. It makes me crazy.
Let me take a step back… When I started my company, almost 10 years ago, I did it to help companies protect their data, their documents, their ideas, their customers and honestly their business. Through the years, my engineers and I have been called into a company as a ‘fixer’ when things go badly. We have been able to help hundreds of companies through pretty bad situations. And we are proud to say most of them still have us on retainer as a trusted partner in the security sector of their IT infrastructure.
When I talk to some business leaders and I hear “we don’t have anything worth stealing,” it does make me crazy. It seems as if I care more about their business than they do. Don’t they realize how much more costly it is to recover from a data breach than to prevent one?
Why don’t they get it? And what is the consequence?
The National Cyber Security Alliance (NCSA) just released a study. The study shows that a majority of small and medium-sized businesses (SMBs) believe Internet security is critical to their success and brand (77%). At the same time, two-thirds of SMBs aren’t concerned about cyberthreats (65%). The data shows that this client’s thought is not unique. It is an opinion shared by a lot of companies.
These companies just don’t understand the larger picture. You may not have anything that is worth targeting and spending resources on to obtain. However, when my grandma can hack you just as soon as look at you, that’s where you have to start taking things seriously. We will come back to Grandma in a moment.
When you are connected to the Internet today, you are at risk. You are at risk of facilitating criminal activities. You are at risk of losing proprietary data. You are at risk from ransomware locking you out of your systems. You are at risk of losing your trusted partners, employees or customers. These factors all contribute to the reportedly huge 60% failure rate of businesses 6 months after a data breach.
Crime as a Service (“CaaS”)
You have heard of Office 365, Dropbox and Salesforce. Another name for that is Software as a Service (“SaaS”). I’m sure you have probably heard about Azure and AWS, where you can “spin up” a server, use it for whatever you need it for and then delete it, all within an hour. That’s Infrastructure as a Service (“IaaS”).
But what does this have to do with grandma? Well, grandma is pretty tech-savvy. She just had a bad experience with your company. In the past, she would tell her close circle about her bad experience. Then she found Facebook and told her story there. Then on any number of review sites. Now grandma heard about a new site…
She subscribes to this new site, Crime as a Service (“CaaS”). It’s all the rage these days. Like most things on the web, if people want it, if you can make money doing it, there is a market for it. CaaS is no different.
These CaaS sites are set up to monetize zero-day vulnerabilities and other vulnerabilities in general to take advantage of companies just like those described above. This subscription service is set up to allow you to utilize “government state” type of weapon systems. They allow grandma to get her revenge from her keyboard.
My point is not that my grandma turned into a hacker. And I am not condoning grandma taking up this hobby. My point is simply that when Grandma can do it, think what really motivated people can do. Either they target you for some unknown reason or you get caught up in a random scan. (See my dark web blog, the story of the CEO going to a circus.) If you don’t take this topic seriously, if you are not completely patched 100% of the time, it is likely that you can get pwned.
What is the conclusion?
You do have something to protect: your business – your data, your network, your machines.
Are you still not convinced? Check out this article, The Rising Tide of Crimeware as a Service. Then re-think your security defenses.
Quick thought on Grandma
My grandma would never do something like this. The point that was being made is that she could. Imagine if someone had a real issue with your company (real or imagined).
It is your responsibility to protect your company.
For more about this or any other threat vector, please reach out to your Teneo engineering team.