For the past year, cyberattacks have been increasing in both number and intensity. Cyber threat actors have been exploiting the current remote work scenario to the maximum extent. The rapid adoption of cloud due to COVID-19 also meant that cloud adoption outpaced cyber security norms. Even with the end of the pandemic in sight, threat actors show no sign of giving up. At this juncture, businesses worldwide face a choice between strengthening their cyber security posture and incurring huge losses.
At Hexcon21, we had the privilege of interviewing Dan Lohrmann, an internationally recognized cybersecurity leader, technologist, keynote speaker and author. Over his illustrious career of 30 years in the cyber security space, Mr. Lohrmann has served several organizations in both the public and private sectors. This includes the time when he led the Michigan government’s cybersecurity and technology infrastructure teams from May 2002 to August 2014 and held the role of CSO, CISO and CTO. Currently, Mr. Lohrmann serves as the CSO and Chief Strategist for Security at Mentor Inc.
During the interview, we asked him about the current state of cyber security worldwide. He shared advice on how businesses of all sizes can tackle cyberattacks head-on, recounted anecdotes from his time in leadership positions, and gave a sneak peek into a new book he is working on. Let’s look at these questions in detail.
What do you think are the causes of cyberattacks?
When asked this question, Mr. Lohrmann said that there are multiple contributing factors, and he highlighted the three key elements that are currently causing cyberattacks. These are:
The number of threat actors and threats: Mr. Lohrmann added that there has been an explosion in the number of threat actors involved in cyber emergencies. This has caused an imbalance in the cyber security landscape. As more and more people get involved with the malicious side it is harder and harder to contain this issue.
“Volume of people involved in the dark side or the attacking side has never been greater”
As per the GTIC Monthly Threat Report of August 2021, ransomware reports have increased by 50% from 2019 to the present. The trajectory also shows an increase in ransomware occurrences of 300% by the end of the year. It is very scary and something all businesses worldwide should be on the lookout for.
The attack surface: Over the past year businesses worldwide were pushed to go remote. This meant, in most cases, more devices and in all cases, devices outside the corporate network. Mr. Lohrmann stated that “Cybersecurity is an outflow of the world that we live in.” Each device is a vulnerable point of attack. With a staggering increase in devices and IP addresses, the attack surface is not at all what it used to be.
Bad actors are ahead of the curve: Mr. Lohrmann states, “There is a debt now being paid”. A lot of businesses believed that cyberattacks might never happen to them. This led to a sense of complacency that allowed the bad actors to get ahead of the curve. As a result, cyber security was usually lagging and the cyber attackers were always ten paces ahead.
How can SMBs shield themselves from such cyber-attacks?
According to Verizon’s data breach report, in 2019 43% of cyber-attacks were aimed at SMBs, and 60% of SMBs that had encountered a cyber-attack went out of business within the next six months. Unfortunately, the numbers have only gone up since then. With ransomware and malware threats looming on the horizon, SMBs should take extra measures to guard themselves against such attacks. When asked what tips he could give SMBs regarding their cyber security posture, Mr. Lohrmann said the following.
- Do a risk assessment: It is crucial to take stock of your points of vulnerability. Be aware of the data your organization has. Understand how and where it is being stored. Take a quick audit of the tools you are using in your organization. Understand the risk profile for the data you own.
- Create a cyber security plan: Before you set anything in motion, a plan is essential. There are several cyber security frameworks available that you could use to plan out a workflow that fits your organization. The plan should also be actionable and measurable.
- Identity management: Keep a close eye on who has access to your network: employees coming in, employees exiting, third-party vendors, contractors, etc. Since businesses are still practicing remote work in most cases, the network is no longer confined within the perimeter of your office building. The parties mentioned above could connect to your network from an entirely different environment, which could compromise your cybersecurity posture.
- Awareness programs: It is a common misconception that cybersecurity is just the IT department’s responsibility. It is not true. Each and every employee in your organization should be aware of their responsibilities when it comes to cybersecurity. This can be done with frequent training programs, which could also be gamified to make them more fun. These training programs should aim to teach people things they don’t already know and hence should be updated frequently.
- Walk the talk: The best way to motivate your employees to follow these precautionary measures is for management to get involved too. The higher-ups should lead by example, take these measures to heart and follow them to a tee.
When asked about his experience leading the state of Michigan during the blackout of 2003 as their CISO, Mr. Lohrmann emphasized how important it is to have a plan during a cyber security event. Amid all the adversity, with rumors of it being a terrorist attack and about half of Michigan fully blacked out, Mr. Lohrmann and his team were able to pull through because of an updated cybersecurity plan.
In his interview, he also mentioned the new book he’s working on with Shamane Tan, Cyber Mayday and the Day After. In this book, you can read how C-level leaders from around the world plan for cyberattacks and how they execute those plans without a hitch. The book will be available from November 2021 onwards and should be a great read given the current cyber security climate.