The four horsemen of the cyber apocalypse. What do we do about them?

There are a number of scenarios that a normal, everyday business could be confronted with in the near future and may have no control over. Although they are not expected, the spectre of them happening should not be underestimated.

So here are 4 horsemen that may have a substantial impact on your business.

Vampire data:

Not all data in a business is defined and managed correctly. There is a new catchphrase in the ICT industry, ‘vampire data’: data that you never knew you had, never knew where it was stored and, in some cases, never even knew who put it there.

But it is your data, and it is information that needs to be protected. This ‘vampire data’ includes old backup tapes, old hard drives and any other old storage devices that have been disposed of incorrectly. It can also include information that has been uploaded to cloud-based systems like Dropbox without the business knowing that it happened.

The solution to this problem is twofold: train your people to recognize and correctly handle corporate data, and only allow users access to the information that their role in the business needs them to have.

Lack of business understanding:

Most businesses react when they discover that their data has been involved in a breach, but many do not realize that after it happens is too late.

When a breach has happened, the forensic component of the investigation will normally discover that a lax attitude contributed to the breach, and that the same lax attitude to auditing and logging means that the identity of the culprit, and how long the breach went on for, will not be forthcoming.

Hackers change direction:

Everyone knows that we have to protect our information from hackers and other criminals on the WWW.

What businesses do not understand is that there has been a slight change in direction by this group of individuals. The hacker is no longer after you, your business or your money; they are out to destroy you. So welcome to the world of cyber-terrorism and cyber-warfare.

This was noticeable when attacks were perpetrated on Sony and RSA last year; they focused on data, information and infrastructure. This will only flow down to smaller and smaller units across the world.

Non-disclosure:

In the old days, 12 to 18 months ago, if your network was involved in a breach you could quite conceivably hide the fact from the outside world.

Today you cannot. The increased visibility on the internet means that people will notice that you are having problems, social media will kick in and you will be discovered.

The landscape has changed to a level where the next businesses that you may need to partner with are forensic partners, privacy law firms and breach notification partners.

If and when a breach or attack happens, some level of spin will be required to ensure that you are still a viable business at the end of it.

So the four horsemen of your cyber apocalypse are coming. How you handle the situation will reflect on your business and culture going into the future.

So tactics and strategy have to change.

What you need to do is find all the data and make sure it is managed and destroyed correctly, put the right level of management, auditing and logging in place, protect yourself from insider and external threats, and partner with people who can get you out of the problem if it all goes pear-shaped.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.
