Am I or Are the Others Crazy

Everyone thinks companies have your back in the cyber security war but...

Goliath is currently beating the shit out of David, here's why.

Jason
Jul 1, 2022

Before you download that next app and flip through the Terms of Service attempting to avoid reading even a single sentence in it, take a few minutes to read this. The following story is fictional yet plausible. Only the needle has been changed to protect the record…

Jack had an extra spring in his step.  He’d left the poker game two nights ago several hundred dollars richer.  The cards had just fallen his way.  Jessica’s friend was there. She’d given him a couple looks as the night went on.  At least that is what he told himself.  Next time. Next time he was definitely asking for her number.

Mostly spaced out in that daydream, he jolted back to reality as the loudspeaker at Starbucks squawked to life again.

“Sir, can you hear me sir, what can we make for you today?”  

His usual was the grande blonde roast with a touch of cream.  Always a satisfying wake up drink on Monday mornings.  He quickly blurted out his order and began inching his Corolla closer to the pickup window.  

Mornings weren’t Jack’s favorite time of day and he was running a bit late this morning. No worries. His new support engineer was likely already in the office and going through the morning checklist. Process for process’s sake, he would tell the new guy. Don’t these ops guys get it? Jack was an IT guru; he knew it all.

The support engineer role had been a necessity, mounds of busy work generated by these banks and their silly requirements. Didn’t they know no one cared about him or the little company he worked for?

Budget constraints were already tight and he didn’t need to be spending 100k on some IT guy who could check boxes and fill out the relentless paperwork.  It didn’t matter.  Their data was in the cloud now. Untouchable.

Jack’s blue Corolla rolled forward another car length and came to a stop only two cars away from the pickup window. That warm brew hitting his tongue was almost tangible. Caught daydreaming again, the taste on his tongue was replaced by a sound hitting his ears. His phone ringing.

New guy calling. New guy could wait.

Second call. What was this guy’s problem? It’s Monday morning, Jack would be in the office in 10 minutes. Whatever it was could wait.

Text message buzz. Jeez, he was going to have to chat with this guy. Glancing down at his smart watch, Jack read the words… all caps.

“CALL ME!  IT’S GONE, IT’S ALL GONE.  THE ENTIRE CUSTOMER DRIVE IS EMPTY.  BACKUPS ARE DELETED!”

The Scary Part

Ask my wife. My memory is not what she’d like it to be and some of those things she says I forgot, I probably have.  But with astounding clarity, I can remember every cyber security event I’ve led companies and customers through over the years.  Backups destroyed.  Ransomware attacks.  Production API keys compromised.

I’ve seen things…

Reading the news announcement about AutoPay’s data breach a couple months ago, I could only feel sympathy for their IT team. Building a managed services company and working for an AutoPay competitor yields some unique insight. I couldn’t pick any of their technology staff out of a lineup, but I’ve lived what they were thinking the day they discovered the breach.

An interesting note about the refinance business: most of it is sales oriented. Much of the team is in sales or support. Little of the team is in technology. And every piece of technology in the building is a cost center.

Cost centers are bad for growing companies; the goal is to reduce them. Technology is an easy one to reduce because if they’re doing their job, you never hear from them. So it gets easy to chip away at those budgets and hire less experienced personnel.

All in an effort to get to a low-cost solution that fits the axiom: “When seconds count, they’re just minutes away.”

For those needing a refresher, AutoPay is a company that, through its line of business, collects significant consumer and financial information. On February 5th of 2022, AutoPay was informed by a group of malicious actors, hackers, that they had breached AutoPay’s system. AutoPay did not discover this breach; the hackers chose to inform them, 4 months after gaining access.

The “bad guys” stole thousands of consumers’ data. All this data was re-homed… and the copies and backups, destroyed.

The kicker: AutoPay started notifying consumers on March 23rd that their data had been compromised, over a month after being notified themselves. Why so long, you might ask?

Because AutoPay’s number 1 goal is protecting AutoPay. A distant number 2 might be protecting the consumer but number 1 is protecting themselves. The scary part is AutoPay is the rule, not the exception. Consumers are under the false impression that the myriad of rules exist to protect them. They don’t.

The Situation

Here’s the takeaway. That AutoPay data breach is one of thousands happening every year. They happen at this rate because legitimate businesses and consumers are at war and they don’t know it.

There is a sophisticated, intelligent, revenue driven apparatus that is focused on the booming profits of cyber crime. And it is booming. How much booming?

The Denver Broncos were sold this year for just over 4.5 billion dollars. The largest sale of a US based professional sports team. It makes sense, the NFL has killer revenue.

Many larger markets are out there. A random one, say Market Research in the US, is a strong 28.6 billion dollars in size for 2022. This market is also growing at a good pace of 2.4% a year.

A non-random market, one known for sizeable revenue, is the US oil & gas industry. In 2020 the total revenue for US oil & gas was an astounding 110 billion dollars.

Let’s take it up a notch. A smaller country, say Peru, had a gross national product of roughly 200 billion dollars. Get to a larger country, say Mexico, and we hit the trillion mark… 1.07 trillion GDP.

Yet we can still go bigger. The three largest GDPs on the planet are, in ascending order, Japan (3), China (2), and the U.S. (1): 5.06, 14.7, and 20.9 trillion dollars respectively.

In 2021, cyber crime generated an estimated 6 trillion dollars in damages. That’s larger than the GDP of Japan. This damage is growing, currently estimated at a 15% rate. That is the size of the beast we are up against.

Even worse news… the people who operate as a line of protection, the cyber security specialists; there is currently a shortage of 3.5 million people. Over half a million in the U.S. alone. And I’ve got news, not all technology people are made the same. Plenty of smart tech people out there who can’t tell cyber security from mall security.

So imagine your situation. You have given your data to tens, maybe hundreds of companies. Those companies are routinely being attacked by a system economically the size of a booming country. Those companies strive to spend as few resources as possible on protecting your data. And the cyber soldiers are at a multi-million deficit in terms of availability.

Stories like the one above impart an incredibly important concept. The security of you (your data, your profiles, your behaviors, all the things that make up the online you and tie back to the real you) is entirely up to you to protect. Companies today are not the blockades you think they are. It’s up to you.

It’s your responsibility to know what sort of companies you are doing business with. Even more so when those companies have free services… think Gmail. Remember the next time you are downloading an app or signing up for the next cool service.

If you aren’t paying for a service or good from a company; getting something for free… that means YOU are the service or good that company is peddling. You’re the commodity!

Doesn’t seem fair, does it? Yet we are all told that life isn’t fair. The last few months have had too many teaching moments for my taste. Plenty of lessons out there to grow from.

Today, do one thing to put yourself in a better cyber security posture. Commit to reading the next terms of service. Get a VPN service. Check your anti-virus. Don’t download that free app that you will use once and never again.

Protect yourself. You are the line in the sand.


© 2023 Jason Wilcox