What kinds of cybersecurity challenges and threats do you see in your industries today?
Mike Del Giudice: Cybersecurity has been a top risk in the public sector for a long time. The biggest change over the past four or five years has been the emergence of ransomware. That type of activity has proliferated significantly because threat actors can now automate and monetize attacks and because ransomware as a service is available on the dark web. Ransomware attacks are continually evolving, and many attackers now attempt to exfiltrate and hold data for ransom – not just network access. Looking to the future, security specialists have concerns that attackers could expand ransomware targets to include industrial systems, such as utilities, water treatment plants, and power distribution centers. As threat actors figure out how to weaponize vulnerabilities against industrial systems, it will be a new ballgame for some public sector organizations. Given the continued challenges with recruiting and retaining cybersecurity talent, public sector organizations are having trouble keeping up with these evolving threats.
Dave McKnight: It’s the same thing in banking, which experiences a perpetual shortage of talent that understands those risks and how to manage them. Since the COVID-19 pandemic, many businesses have been focused on resilience, building a layered security program to mitigate the impact and likelihood of cybersecurity risks. Organizations now see that cyber resilience not only includes their own operations but also their third-party risk and exposure, which can affect their data and their customers’ data.
Chris Wilkinson: Because ransomware has become so lucrative, criminals treat ransomware as a business. Attackers are not just targeting credit card data or personally identifiable information (PII) but any data of value. Protecting intellectual property against ransomware is critical. Ransomware attacks do not just happen to large organizations. We all hear about the high-profile data breaches that have happened over the years, but more often than not, smaller to midsized clients experience breaches because they’re not as sophisticated. Such organizations typically are more vulnerable to ransomware attacks because they do not have large internal IT security teams or complex security controls, and obtaining resources is difficult.
Dave McKnight: We find that smaller companies have some controls, but those controls are often rudimentary. That’s why it’s imperative that they prepare for security events even when they don’t have the latest security tools. Organizations – no matter the size – can take proactive steps by establishing solid security awareness training, formal communications plans, and procedures for responding to ransomware threats.
Michael Lucas: Over the years, we have helped our clients implement security controls protecting intellectual property, financial data, and PII. However, we have seen the attack surface grow. Hackers are focused not just on the corporate assets but also on the products the clients sell. For example, organizations that offer or use medical devices or applications that support medicine dosage now need to take specific steps to increase medical device security. They also need to consider security during the development and management of these technologies.