US Companies Aren’t Preparing For Cyber Attacks

The years 2020 and 2021 to date have been very challenging for business. The Coronavirus pandemic and lockdown restrictions have been difficult, and many organisations have also had to deal with threats from increasingly sophisticated cyber attacks. Unfortunately, the US corporate sector don't appear willing to spend money on cyber security until they are attacked and, based on recent events, they aren't even ready for unsophisticated attacks.

As cyber attackers demonstrate the ability to paralyse industrial systems and key online networks supporting the critical infrastructure, this attitude is no longer workable.

Too often, business leaders seem to think that the cost of improving their firms’ cyber defenses is greater than the unknowable future financial pain of post-incident restoration. In the absence of specific, direct threats to their businesses’ information technology assets, the most attractive option is often to do as little as possible. Even some of the biggest companies in the world have been hit. In fact, even after numerous security warnings, a US pipeline came under attack.

US Colonial’s pipeline was shut down after a ransomware attack. Considering the company supplies refined oil products to meet about 45% of the consumption needs of the US East Coast, this was a major national event.

A survey of information security officers at nearly 400 companies by WSJ Pro Research offers a revealing snapshot of the state of cybersecurity, what kinds of companies are unprepared and why. The results found that:

  • A number of important industries are dangerously vulnerable to cyber attacks.
  • Small businesses are far less prepared than big ones.
  • Many companies aren’t even taking the basic steps to improve their readiness, leaving them exposed to breaches that can threaten their existence.

When asked if companies and the federal government are prepared for nation-state cyber attacks, Jerry Bessette, head of Cyber Incident Response at consulting firm Booz Allen, replied “absolutely not.”

Both the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) say that US businesses need to strategically plan and reduce the increasing threat of cyber attacks and develop detailed data backup and recovery plans.

President Biden and the US Congress agree on the need to spend heavily to help the US economy emerge from the shadow of the COVID-19 pandemic. If the recent wave of high-profile ransomware attacks is any indication of things to come, then assigning at least some of the money allocated for COVID-19 relief towards private-sector cybersecurity would be a good investment.

Businesses must recognise the importance of executive management engagement in cyber security policies. Boosting cyber resilience often depends on securing buy-in from business leaders and releasing the budget to enhance cyber security. Leaders must step up now and realise that cyber security is not optional - it’s essential.

Sources: MarketWatch, WSJ, Babble, Law Society, DefenseOne, Channel Futures
