Most corporate risk management activity consists of a logical assessment of what random events could possibly come together to cause an unplanned or accidental event which results in a major disruption of your normal business activity. On the operational side perhaps a fire, or a flood, a snowstorm, a heatwave, high winds, transport disruption, staff sickness or a power cut. On the commercial side perhaps economic recession, exchange rate fluctuation, supply chain disruption or competitor success.
These scenarios are scary enough, but at least they are mostly random events which have only a small percentage chance of ever affecting your business. With the possible exception of your competitors, no-one out there is actively working to make these events happen to your business.
Now imagine another scenario, in which there is a group of people out there who are actively plotting day and night how they can disrupt your business, steal your data, compromise your systems and bring your business to a halt. They can corrupt your e-mail, take down your website, and force your servers and phone systems offline. They can not only steal your banking and customer data to exploit themselves, but they can also make it inaccessible using ransomware until you pay them a sum of money in untraceable bitcoin.
Then imagine that this group of people is large, spread right across the globe, highly intelligent and well-funded by criminal gangs, terrorists or even governments. They have the power to launch virtual attacks on your business from anywhere in the world and, put-together, they are sending out hundreds of thousands of attacks every day, hitting the average corporate enterprise many times a day.
Now consider that your corporate security perimeter is expanding all of the time, with employees bringing their own devices to work, remote working and the Internet of Things. Then remember that more and more cyber security breaches are seeking out the weakest point in your defences, which will always be human beings rather than technology.
And finally, imagine there is a place where all of these hackers can gather to share your vulnerabilities with others and swap the information that they have stolen from you about your employees, your customers and your data. That place does exist and it is called the Dark Web. It is enough to keep you awake at night isn’t it. Well if it is not keeping you awake at night then is should be and if you think you are safe – think again.
If you want to know more about the threats that exist right now and how you can guard against them using the latest network monitoring tools, then please attend a webinar that I am hosting for the Business Continuity Institute along with my colleague Adam Blake of ThreatSpike. You can join us live at 14.00 on Tuesday 10 May or watch a recording at a later date.
Sonny Sehgal – CEO Transputec