I have focused significantly in recent months on the threats that we face in an increasingly complex cyber world. See Hardwired Hacking (11/18) Cybersecurity 2020 (11/19), Cybersecurity 2020's Hot Topic (01/20) Cybersecurity 2020 Again (04/20), and Cyber Threats 2020 (07/20). Technology is increasingly changing our world. That technology and therefore we, are dependent upon data, processes, and programs. These seek our data input, collect our data interests, and mathematically target us with resulting marketing. As scary as these somewhat innocuous impacts are, that collected data is also of great value to miscreants and other malapropos actors.
The threats to "big" business are readily apparent in the news. Major retailers, famous websites, social media, and more have made the news related to data breaches. The famous in society see their most intimate details stolen, publicized, and even deprecated. The invasion of privacy damages mental health, finances, and privacy. But, the persistent good news it that it always happens to someone else. That is, until it hits home. I am confident that 20 years ago I knew no one whose identity had been stolen. Today, I know numerous. I know people whose personal and professional lives have been compromised and complicated by the acts of malcontents who thrive on causing people discomfort and pain.
I know people who have related (1) their medical records being breached, (2) their identity being used to open credit accounts, (3) their hardware being stolen with sensitive data, (4) their email compromised and used to transmit impostor messages, (5) their social media accounts accessed and used by others, and (6) their networks locking them out of their own data and being held for ransom.
I know people who maintain vast databases and documents filled with the confidential information of their own clients. Some have internet connections that allow them to access volumes of such information stored on servers owned by others, or share their data with others. The information age is dependent upon the flow of information on the "superhighway" that is the Internet. And, there is a seemingly endless supply of bad actors who are focused on misappropriating, stealing, and leveraging that data.
Cybersecurity has never been more important or more challenging. I have been fascinated as the Florida Cybersecurity Task Force has refocused our attention on this topic. I have learned a great deal in the last year regarding the threats, the cures, and the pain that is involved. I was therefore excited to be peripherally involved in planning the cybersecurity conference that was to be a part of WCI2020. Unfortunately, when the WCI was postponed, the leadership decided an in-person cyber program was similarly not viable in the age of COVID-19. Fortunately, the critical programming will still be available, but in a remote format.
WCI has teamed with organizations such as Associated Industries, The Florida Defense Support Task Force, The Florida Economic Development Council, and the Center for Cybersecurity at the University of West Florida to produce a stellar program on Cybersecurity. The program registration is only $49.00, and features speakers such as Senator Marco Rubio and Katherine “Katie” Arrington (Office of the Secretary of Defense).
The program promises to deliver the kind of information that any small business needs. The key points include:
- How to protect your data – Individuals and Companies
- Who are the “bad guys”?
- How to recognize and respond to a cyber breach
- Demonstration of a Simulated Cyber Breach
- Preventative action steps for protection
- The DOD Cybersecurity Maturity Model Certification (CMCC) Program
- Compliance with CMMC standards
The major trend is toward data security requirements for businesses that interact with the federal government. The access to government markets will be dependent upon the satisfaction of multiple security standards and certifications. These businesses will have to be secure in order to interact with the government. But, recognizing that any chain is only as strong as the weakest link, those businesses' other customers and vendors will likewise have to be security-focused. The business linked to the government will have to ensure the security of those "others" with which it does business.
Securing company "X" from the bad actors, in order to protect the government agencies with which it works, will be effective only if the others with which Company "X" interacts are similarly secured. The vendors who need access to company "X" data to provide medical care, claims adjusting, and legal representation must similarly be secure. Otherwise, each might be a weak link in a chain and thus a threat to the security of the integrated network and the exchange of data and information. In short, an unsecured vendor could lead to a breach. It happened in 2013 with Target stores, and the potential remains.
There is a probability that cybersecurity will be a persistent challenge and expense in years to come. The driving force is of course the bad actors whose behavior is being challenged. But, that is leading to increased government regulation that will directly impact businesses, and that impact will expand through those businesses' interactions with far-reaching and significant implications and expense. The imposition of standards on federal contractors is likely to be mimicked by state governments, The trickle-down impact of such standards is apparent.
Those with an interest in protecting their own data would be well advised to learn more. Those with an interest in doing business would be served by this expanded knowledge. The future will include regulation and certification for many. I plan to be in attendance September 16-17 because this addresses an important topic, helps us understand a significant threat, and provides us with professional growth and education at minimal cost. Will you take an interest now while this affects someone else, or wait until some hacker takes a direct interest in you?
