US Companies Aren’t Preparing For Cyber Attacks
The years 2020 and 2021 to date have been very challenging for business. The Coronavirus pandemic and lockdown restrictions have been difficult and many organisations have also had to deal with threats from increasingly sophisticated cyber attacks. Unfortunately, the US corporate sector don't appear willing to spend money on cyber security until they are attacked and, based on recent events, they aren't even ready for unsophisticated attacks.
As cyber attackers demonstrate the ability to paralyse industrial systems and key online networks supporting the critical infrastructure, this attitude is no longer workable.
Too often, business leaders seem to think that the cost of improving their firms’ cyber defenses is greater than the unknowable future financial pain of post-incident restoration. In the absence of specific, direct threats to their businesses’ information technology assets, the most attractive option is often to do as little as possible. Even some of the biggest companies in the world have been hit. In fact, even after numerous security warnings, a US pipeline came under attack.
US Colonial’s pipeline was shut down after a ransomware attack. Considering the company supplies refined oil products to meet about 45% of the consumption needs of the US East Coast, this was a major national event.
A survey of information security officers at nearly 400 companies by WSJ Pro Research. offers a revealing snapshot of the state of cybersecurity, what kinds of companies are unprepared and why. The results found that
- A number of important industries are dangerously vulnerable to cyber attacks.
- Small businesses are far less prepared than big ones.
- Many companies aren’t even taking taking the basic steps to improve their readiness, leaving them exposed to breaches that can threaten their existence.
When asked if companies and the federal government are prepared for nation-state cyber attacks, Jerry Bessette, head of Cyber Incident Response at consulting firm Booz Allen replied “absolutely not.”
Both the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) say that US businesses need to strategically plan and reduce the increasing threat of cyber attacks and develop detailed data backup and recovery plans.
President Biden and the US and Congress agree on the need to spend heavily to help the US economy emerge from the shadow of the COVID-19 pandemic. If the recent wave of high-profile ransomware attacks is any indication of things to come, then assigning at least some of the money allocated for COVID-19 relief towards private-sector cybersecurity would be a good investment.
Businesses must recognise the importance of executive management engagement in cyber security policies. Boosting cyber resilience often depends on securing buy-in from business leaders and releasing the budget to enhance cyber security. Leaders must step up now and realise that cyber security is not optional - it’s essential.
MarketWatch: WSJ: Babble: Law Society: DefenseOne: Channel Futures:
You Might Also Read:
Russia Wants A Deal With US On Cyber Security: