US Companies Aren’t Preparing For Cyber Attacks

Uploaded on 2021-06-30 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

The years 2020 and 2021 to date have been very challenging for business. The Coronavirus pandemic and lockdown restrictions have been difficult and many organisations have also had to deal with threats from increasingly sophisticated cyber attacks. Unfortunately, the US  corporate sector don't appear willing to spend money on cyber security until they are attacked and, based on recent eventsthey aren't even ready for unsophisticated attacks. 

As cyber attackers demonstrate the ability to paralyse  industrial systems and key online networks supporting the critical infrastructure, this attitude is no longer workable.

Too often, business leaders seem to think that the cost of improving their firms’ cyber defenses is greater than the unknowable future financial pain of post-incident restoration. In the absence of specific, direct threats to their businesses’ information technology assets, the most attractive option is often to do as little as possible. Even some of the biggest companies in the world have been hit. In fact, even after numerous security warnings, a US pipeline came under attack.

US Colonial’s pipeline was shut down after a ransomware attack. Considering the company supplies refined oil products to meet about 45% of the consumption needs of the US East Coast, this was a major national event.

A survey of information security officers at nearly 400 companies by WSJ Pro Research. offers a revealing snapshot of the state of cybersecurity, what kinds of companies are unprepared and why. The results found that

  • A number of important industries are dangerously vulnerable to cyber attacks.
  • Small businesses are far less prepared than big ones.
  • Many companies aren’t even taking taking the basic steps to improve their readiness, leaving them exposed to breaches that can threaten their existence. 

When asked if companies and the federal government are prepared for nation-state cyber attacks, Jerry Bessette, head of Cyber Incident Response at consulting firm Booz Allen replied “absolutely not.”

Both the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) say that US  businesses need to strategically plan and reduce the increasing threat of cyber attacks and develop detailed data backup and recovery plans. 

President Biden and the US and Congress agree on the need to spend heavily to help the US economy emerge from the shadow of the COVID-19 pandemic. If the recent wave of high-profile ransomware attacks is any indication of things to come, then assigning at least some of the money allocated for COVID-19 relief towards private-sector cybersecurity would be a good investment. 

Businesses must recognise the importance of executive management engagement in cyber security policies. Boosting cyber resilience often depends on securing buy-in from business leaders and releasing the budget to enhance cyber security. Leaders must step up now and realise that cyber security is not optional - it’s essential.

MarketWatch:      WSJ:        Babble:     Law Society:      DefenseOne:       Channel Futures:      

You Might Also Read: 

Russia Wants A Deal With US On Cyber Security:

 

« How To Prevent Healthcare Data Breaches
How To Write Learning Objectives For Cyber Security Training »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BSI Group

BSI Group

BSI is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence

BruCERT

BruCERT

BruCERT is the referral agency for dealing with computer-related and internet-related security incidents in Brunei Darussalam.

Bayshore Networks

Bayshore Networks

Bayshore Networks was founded to safely and securely protect Industrial IoT (IIoT) networks, applications, machines and workers from cyber threats.

aeCERT

aeCERT

aeCERT is the national Computer Emergency Response Team for the United Arab Emirates.

PrimaTech

PrimaTech

PrimaTech provide process safety, cyber and process security, and risk management consulting, training and software for the process industries.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.

Kindus

Kindus

Kindus is an IT security, assurance and cyber security risk management consultancy.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

RNTrust

RNTrust

RNTrust provide solutions to meet today’s digital challenges utilizing digital technologies and services to make you more secured in digitally connected environment.

StickmanCyber

StickmanCyber

At StickmanCyber we are on a mission to create a digital world that is safe for everyone - we are your trusted cybersecurity partner.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

Silent Quadrant

Silent Quadrant

Silent Quadrant delivers incomparable cybersecurity consulting, digital transformation, and risk management within our purpose-driven clients - empowering them to be the most resilient entities.

Vancord

Vancord

Vancord is an information and security technology company that works in collaboration with clients to support their infrastructure and data security needs for today and tomorrow.

Castlepoint Systems

Castlepoint Systems

Castlepoint Systems is a pioneer in information governance, risk and compliance as a service. An all-in-one solution offering powerful risk management, built in compliance, cybersecurity and audit.

Miggo Security

Miggo Security

Miggo is the first Application Detection and Response (ADR) platform on a mission to stop application breaches.

Orca Fraud

Orca Fraud

Orca is an AI-driven fraud orchestration platform. We empower fraud fighters to outpace fraud using our custom ML models.