Nobody is safe from cyber risks, such as hacking, data breaches, and ransomware, nowadays. No organization is too large or too small to be spared from cybercrime, with everyone from governments, multinational corporations, and even small businesses being targeted. There is a never-ending arms race between cybercriminals and cybersecurity experts, with criminals always looking for new ways to victimize businesses and individuals.
Daaniël van Siereveld, founder and CEO of Oregon-based IT managed services provider Issue53, says that no business today is immune to cyber risk, from one-man shops to global firms with thousands of employees spanning multiple continents. With the rise of AI, hackers can easily code and send thousands or even millions of fraudulent emails or text messages, and if even 1% of recipients click the link, then that’s a win for the hackers.
Furthermore, even the most secure cybersecurity protocols can be breached, given enough time, as it just takes one employee error for a hacker to gain access to a network. While training is important to reduce the chance employees fall for phishing and other cyber scams, it is not a foolproof method.
According to Daaniël, protecting an organization against cyberattacks involves multiple layers, as there’s no silver bullet for this risk. For example, in defending against ransomware, the first layer is the spam filter, which prevents the offending email from appearing in the employee’s inbox. The second layer is the user clicking the link, and the third and last layer is the ransomware executing on the system. This is often accomplished via innocuous-looking document or spreadsheet files that run scripts, also known as macros, on the back end, allowing the ransomware to encrypt the user’s files or let the hacker gain access to the user’s device and network via a backdoor.
Before going full-time as CEO of Issue53, Daaniël has worked in multiple environments focusing on a high degree of cybersecurity. These include Vice President of IT Operations at an institutional banking company dealing with cryptocurrencies and other digital assets for some of the largest financial institutions in the world. Recognized as an expert in the field of cybersecurity and compliance, Daaniël contributed a chapter, titled “Critical Steps to Take If You’ve Been Hacked”, for the upcoming book From Exposed to Secure released on March 19th, 2024.
“The most common issue that I see in many organizations is not necessarily the budget, but rather not having a team to implement, manage, and monitor their systems,” Daaniël says. Many organizations are hoping that their team members are educated enough not to click on obvious phishing emails. But, we're all human and even the most tech-savvy person can make a mistake if they’re having a bad day, are distracted, or expect an email from someone the hacker impersonated.”
Being targeted by a cyberattack is an incredibly risky event, especially for many small businesses. Industry statistics show that 60% of small businesses end up closing down within six months of a cyber breach. The damage caused by the cyberattack extends far beyond the direct costs incurred due to business downtime and repairing the damage. The reputational damage of being attacked is also very costly, as businesses quite often lose valuable customers and may need to hire a PR or crisis communications firm to rebuild their reputation.
Additionally, companies in regulated industries, such as healthcare and finance, can incur huge fines from regulators if proven that the breach was enabled by the company’s negligence. These fines can easily go into the millions of dollars, especially if a large amount of customer records is involved in the breach.
With the possibility of being hit by a cyber attack continuing to rise, Daaniël says that there is value in designing the organization's digital infrastructure to limit and minimize the amount of damage a cyberattack or ransomware can inflict. One example is zero trust network architecture (ZTNA), where each device is treated as if it were compromised by default. All users and devices must verify their legitimacy, even when connected to an official network. A computer cannot communicate with any other computer in the entire company unless it needs to, as defined by parameters set by the organization’s IT team or network administrators. This also extends to the applications on each device, which limits any potential ransomware or hacking, isolating and preventing it from spreading to the entire network.
Regular penetration testing is also important, as it allows IT personnel to assess the security of the network and identify any weaknesses that need to be patched.
“My advice to businesses when it comes to cybersecurity is: if you're not prepared to do it yourself, find someone competent who can do it for you,” Daaniël says. “IT matters can get complicated really quick, and leaving it to someone unqualified is just not an option anymore. In today’s highly digitalized world, consulting a cybersecurity professional is just like hiring an accountant to manage taxes or bringing your car to the mechanic to get the oil changed. It's the same sort of thing in cybersecurity these days – Like a Doctor, we prescribe, and it needs to be followed. If not, there will be ramifications.”
Media contact:
Name: Daaniël van Siereveld
Email: [email protected]
