Cybercrime is major business threat: Delcie Bean Outlook 2020 Viewpoint
Imagine you are the CEO of a successful and thriving company. You wake up and think to yourself, “Today is going to be a good day.” You walk through the front doors with your head held high, say hello to your employees and co-workers as you work your way toward your office. But as you get closer to your door, you sense an odd tension. Several members of your leadership team are huddled together, speaking in hushed tones. You know something is wrong.
Did a big customer fire you?
Did something happen to one of your employees?
No. You’ve been hacked.
This scenario has been playing out at small- and medium-sized businesses across the United States – including right here in the Pioneer Valley. Cybercrime is the single greatest external threat to any business. And it’s only getting worse.
Back to our hypothetical example for a moment. Let’s explore three real scenarios that have happened to several businesses right here in Western Massachusetts.
Scenario 1: Your biggest vendor has called to report that you haven’t paid them. But Sally, your trusted CFO, says the payment was sent out days ago. How is this possible?
A hacker sent out an email campaign to all of your employees, notifying them that their passwords were going to expire. Three of your employees fell for it, clicked the link and provided their passwords to the hacker. Nothing bad happened right away, no one reported it and business went on.
Meanwhile, the hacker immediately logged into their email accounts, set up a rule in each to forward all of that employee’s emails to a Gmail account and then logged out. Now, even when that user changes their password, the hacker still gets access to their email. That hacker then sits, watches and waits for the next three, six, even 12 months, looking for the perfect opportunity. Then, they find it.
They see that a payment is late for a very large purchase and the controller who normally processes those payments is out sick. The hacker pulls a few names from your website, looking for anyone else who might have the authorization to wire money. They take the chain of emails that has been going back and forth, forward it to all of those people and say that they need payment by end of day or else. They then fake the caller ID of the vendor the payment is owed to, call your business and say that they are following up on the urgent email they just sent. Once they have someone on the phone, they provide wiring instructions and trick your employees into wiring hundreds of thousands of dollars to the wrong place.
Scenario 2: You arrive to a polite yet concise message displayed on every computer in your office, notifying you that your entire network has been encrypted and that it will cost $1 million to unlock your data.
For a moment, you fight the urge to panic, feeling confident that you can simply recover from backups. But then you see your IT guy standing in the corner shaking his head. The backups have been wiped out.
Scenario 3: Your CFO gently grabs you by the arm and leads you to a quiet corner. He explains that earlier that morning he received an email from a hacker, explaining that they had stolen a copy of the CEO’s email mailbox, sifted through it and found some very embarrassing emails that reference current and former employees, customers and vendors. The hacker is threatening to forward those emails to the parties involved unless a ransom is paid by the end of the day.
Imagine yourself as the CEO in those scenarios or thousands of other similar ones. Think about the enormous pit in your stomach. That feeling of panic and fear. How could you have let this happen? What would you give to make it all go away?
If businesses are to succeed and thrive in this new world of infinite cyberrisk, they can’t wait until that moment to act. They can’t wait until their networks are breached, their data is stolen or they have the proverbial gun to their head.
To be successful, businesses must overcome that fear of the unknown, embrace the opportunity to learn and be willing to be vulnerable. Too many businesses are spending way too little time, focus and resources on identifying their risks, finding practical solutions and educating their employees.
In the end, not only do they suffer the consequences, but so do their employees, their customers, their vendors and the communities in which they operate.
In a world where cybercriminals are operating with virtual immunity from our laws, it is more crucial than ever that we admit that we can do more, we can do better and we’re not afraid to get the help we need.