Monday, September 25, 2023
NEW INC. MAGAZINE COLUMN FROM HOWARD TULLMAN
Don't Gamble with Your Tech Security
This week's cyberattacks in Las Vegas are yet another
reminder that you can't be passive about protecting your network and other
digital assets. You need to relentlessly remind all team members that they each
have a role, every day, in protecting the company--and their jobs.
BY HOWARD TULLMAN, GENERAL MANAGING PARTNER, G2T3V AND CHICAGO HIGH TECH INVESTORS
@HOWARDTULLMAN1
Watching the hapless
victims of a cyberattack as portrayed on The Morning Show -- running
around like headless chickens while clueless executives demand instant
protection from the just-arrived outside team of white-hat hackers -- I was
painfully reminded of just how interconnected we all are by our devices. And
how exposed and vulnerable every business is to network intrusions by
criminals, along with the extortionate ransom demands that typically accompany
them.
When people returned to
the office, they brought with them all the shortcuts, compromises, simplistic passwords and other bad habits
they've adopted working remotely, along with all the crap and viruses their
kids have inadvertently loaded on their laptops and home networks. Now's the
time for companies to refocus and redouble their efforts to protect themselves, their
people, their customers, their networks, and their digital assets from the
risks and increasing likelihood that they are cyberattack targets. Remember, it
wasn't raining when Noah built the ark.
The trouble is that
until they've been the victim of identity theft or had a check ripped off from
the mail, everyone and every business of whatever size thinks that it won't
happen to them. You can explain the risks, the economic
and reputational costs, the relatively inexpensive preventative steps, and
everything else to smart and otherwise prudent and rational entrepreneurs and
corporate executives. But you can't understand for them.
An excellent case in
point: two of the largest casinos in Las Vegas just got hit by cyberattacks
with Caesars paying millions in ransom (without sharing any of that information
on the Strip) shortly before MGM got hit with a similar attack. We've
been led to believe by Hollywood heist movies that it's incredibly tough to
take on a casino because of massive security and surveillance technology. Guess
not. You can't really stop what you can't see and keeping ahead of the hackers
is more difficult every day. You either pay up front for the protection that is
available and keep your fingers crossed or you pay after the fact for the failure
and hope it doesn't happen again.
In the recent Morning Show episode,
the head honchos at the UBA network were ultimately unwilling to pay a $50
million ransom although it appeared that the network could come
up with the cash. Obviously, this is far from the case for most companies
and institutions. And, in the typical circumstances of any startup or
relatively new business, a substantial and unpayable demand would very likely
mean the death of the firm.
Startups are rarely
sitting on piles of cash; investors never want to see their funds going out the
door to pay ransoms; and new business builders almost never spend scarce
dollars on insurance. Apart from the D&O insurance which their
investors demand, it's a one-in-a-million prospect that they've purchased
sufficient business interruption protection to cover cyberattacks.
Entrepreneurs believe in passion and promotion, but rarely commit appropriately
to downside protection. One of the clearest COVID-19 lessons was just how
strapped and skinny millions of startups are and how little thought and money
they had committed to resilience and backing up their businesses and their data
securely offsite.
To me, the show actually
had a far more important message, especially for executives and senior managers
charged with cybersecurity responsibilities. The episode tracked the responses
and reactions of the various junior and senior staff members to the crisis.
Whether through stupidity, selfishness, or inadvertent subversion, several main
characters completely ignore the experts' very specific directions to surrender
their mobile phones to contain the spread of the virus. Worse yet, despite
being told that the corrupted phones represented further risks of damage, they
stealthily snuck off to make personal calls. Which reminded me of an old
truism: men are not against you; they are merely for themselves.
The point is that no one
has the luxury of acting alone because there’s really no digital environment
that’s absolutely isolated, insulated, or secure. Every system is subject to
human intervention, frailty, ignorance, and self-interest. If your team
doesn’t seriously commit to help secure your systems, it’s just a matter of
time before you suffer. A little inconvenience and some simple precautions can
avoid a ton of disruption. And, as a recent Deloitte survey shows,
the risk isn’t where you expect it. Gen Z is, in fact, many times more likely
to fall for these schemes than older employees. Turns out, they only think
they’re a lot smarter and computer-savvy than you.
There are three major
messages that senior management needs to carefully and consistently deliver,
and also demonstrate and validate through their own actions. An example or two
of conscientious compliance by the boss is worth a million words.
First, make it
absolutely clear that the concerns expressed about system security aren't nags
or nuisances, they're necessities. They represent existential risks to the
business, and the safeguards that have been implemented aren't casual or
suggested, they're mandatory and will be strictly enforced with zero tolerance.
But just saying it doesn't make it so. Your whole organization needs to live
it.
Second, it's far too
easy for people to assume that these matters are someone else's
responsibilities and especially to hand it off to the IT guys and let them worry about
it. That's misdirected: the vast majority of breaches
aren't super-sophisticated or driven by complex technical intrusions. They're
the result of simple sloppiness, stupid reuse of the same passwords, laziness
in terms of updating software, and, of course, social engineering, which rarely
has anything to do with the technical aspects of your systems. You want your
people to be helpful when asked, but, in these precarious times, a fair amount
of caution, suspicion, and confirmation makes a lot of sense. Keep in mind
that 91% of all known cyberattacks start with email phishing.
Third, one ongoing
problem is that the fraud phishers and the hungry hackers have increasingly
adopted two strategies: (1) they constantly use fake Microsoft logos and
language to misleadingly alert users to the falsehood that their passwords need
to be changed before they expire or are turned off by Microsoft; and (2) as the
year ends, they will again be sending millions of fake emails with titles
relating to year-end comp changes, salary adjustments, and bonuses, which
appear to be coming from internal HR departments. They're not, but they
are close to irresistible in terms of the temptation to open them. Now is a
very good time -- since October is National Cybersecurity Awareness Month -- to
remind your team about these two schemes in particular and also to consider how
best to distinguish your legitimate communications from the noisy and cluttered
mess.
None of this is easy to
pull off, but all of this is critical right now to get out ahead of the
problem, to the extent that's possible. Sharing stories from other companies
that have been hit and articles about attacks and breaches is somewhat helpful,
but sadly, most people still won't believe that these things can happen to them.
Until they do.
SEP 26, 2023
Sunday, September 24, 2023
We've got presidents who think that if they do something it by definition can't be against the law. We've got SCOTUS justices who feel they should not adhere to ethics rules or be criticized. We've got Senators who defend antiquated rules that grant each of them (or a minority of them) the power to stop progress on any issue ...and who value their club so much they won't speak out against obvious crimes. We have members of the House who feel they do not have to honor legal subpoenas, fulfill their duty to their constituents or honor the Constitutional definition of what constitutes an impeachable offense. We have state legislatures and governors that seek to ignore the will of the people and to reverse the results of elections without any legal grounds or justification. These abuses happen daily. Our system has become deeply and profoundly corrupt. We are in a slow motion constitutional crisis, one in which our governing ideals and principles have been gutted to serve the personal and partisan ambitions of a few--officials and donors alike. Don't underestimate the severity of this situation. Authoritarianism doesn't require a coup to assume power and snuff out democracy.