Cyber Security And Data Compliance — *Think Like a Lion*

The cyber industry is a complex, interconnected root network of codes, advanced technology, and human nature that is second only to the economies of the United States and China in terms of profit. Cybercrime alone is more profitable than the entire global illicit drug trade and is expected to reach $10.5 trillion annually by 2025, a 15% annual increase.

And that’s not the only concern for technology-dependent and naturally vulnerable SMBs and large businesses.

Since the General Data Protection Regulation (GDPR) went into effect, a new pot of money has opened up, and the numbers are equally daunting. Today, the biggest fears of business leaders around the world are caused by the complexities of data privacy compliance and cybersecurity, and these two areas are intertwined on more than just the obvious level.

The prevailing feeling of our times so bravely shared has spread from our private spaces to the second place where it hurts the most: our communication devices.

Not only do we feel alone and helpless in the face of geopolitical and economic turmoil, mass shootings in educational institutions, and climate change, but we may be even more desperate in our professional environments, which were once the source of our stability and control, namely when they were not dependent on technology.

Our forefathers were right: technological progress is not a boat that everyone can ride on.

On the bright side, demand for cybersecurity professionals is at an all-time high, and we are pretty sure that will not change in the future. Why is this the bright side?

First, because in general, any new profession that develops from the vulnerability of the market stabilizes and harmonizes that market, making it stronger and more profitable.

Second, because you can find part of the solution here, if not the entire solution. And third, because if you can both save and generate money for millions of people trying to find their happy meadow, you are in a heroic position. And if your children ever ask you for this advice, you can confidently show them where the big money is.

Everyone knows that if you want to stay in it for the long haul and build your wealth and success through products and services that support and enrich people’s lives, you need to know how to protect your contribution.

It’s easy to get scared. Just cover yourself with numbers, they are the scariest ghosts that have ever lived under our beds and desktops.

I am a father, and my protective instinct extends from my daughter’s individual world to the entire world she needs to be a part of.

Yes, I want to protect her world and teach her how to protect herself. I do not want her to feel alone and afraid of the abilities and knowledge of others. Because that’s what the shadow presents, in our case the Dark Web, and if you do not resist it, it will cost you:

Data corruption and destruction;
Stolen money;
Lost productivity;
Intellectual property theft;
Theft of personal and financial data;

Embezzlement;
Fraud;
Disruption of normal business operations after an attack;
Forensic investigation;

Recovery and deletion of hacked data and systems;
Reputational damage.

Security is becoming the biggest problem in our society, or perhaps it already has become, whether you like it or not, no matter which side you are on.

Opportunity makes the hero.

The Industries Most at Risk From Cyberattacks

Data breaches cost companies an average of $3.62 million. Although the following list includes specific industries that have been most affected by cyberattacks in the past and will continue to be so, you shouldn’t forget that the size of your company plays an important role here.

Regardless of their niche, small and medium-sized businesses are targeted 75% of the time by cyberattacks because, unlike large enterprises, they don’t have security teams, don’t understand security requirements, and, simply put, don’t invest enough resources in finding experts and supporting their growth through ongoing training and education.

A cybersecurity expert of yesterday isn’t necessarily a cybersecurity expert of today or tomorrow.

With that in mind, let’s look at the industries where your data privacy and cybersecurity skills are most in-demand.

1. Healthcare

Healthcare organizations remain the most vulnerable industry to cyberattacks because they store and process a large amount of personal data, including data of a financial nature.

Although the industry has strict compliance standards that can detect any exploitable vulnerabilities, it is still up to healthcare facilities to lock down their networks and systems to facilitate HIPAA compliance and protect electronically protected health information (ePHI).

2. Financial Services Industry

Banking, credit and other financial services offered via mobile apps make this industry a real treasure trove for cybercriminals. Here they find both gold and diamonds, i.e. money and personal data. Funnily enough, 78% of financial institutions are satisfied with their cybersecurity strategies, despite 1 in 3 attacks being successful.

The FDIC’s penetration testing for financial institution compliance is changing this discrepancy. Banks, credit unions, and others must ensure the security and confidentiality of customer data, establish controls to prevent unauthorized access to information, and ensure that customer and consumer data is properly disposed of.

3. Government And military Infrastructure

The government and military are high-profile targets hounded by at least three interest groups:

Foreign threats in the form of international politics and economic competitors;
Hacker activists, known as hactivists, who want to make a political statement and, in some cases, make a difference;
Cybercriminals who want to answer multiple prayers in one fell swoop and capitalize on the wealth of personal and classified information.

This is where FBI comes in, but even they can’t accomplish much unless they work with the private sector, which brings us back to the basics of cybersecurity and the next industry on the list.

4. Education

All the foundations of our society can be found here. The quickest way to cause the disorder is to destabilize the educational infrastructure, as we have easily seen with the pandemic online classes and mass shootings. Yes, cybercriminals are gaining more and more access to their targets as more and more endpoints are added.

And here, in the intellectual property of campus research, we find new value for the lucrative business of cybercrime, easily sustained thanks to the prevalence of slow computer processors in schools and on campuses.

5. Energy

The energy and utilities sector is a popular playground for hacktivism and cyberterrorism. The miles of empty space between facilities, compensated by the numerous mobile connections, provides free rein to the domineering mentality of corrupt or just disillusioned cybercriminals, enabling them to simply cripple the energy grid and utilities, literally rendering the entire economy and the lives of millions powerless.

Utilities are subject to strict compliance laws (e.g., NERC), but they alone cannot guarantee 100% successful defense.

The Gigantic World of Data

According to Cybersecurity Ventures, humanity will store 200 zettabytes of data by 2025, and half of it will be in the cloud. We are talking about private and public IT infrastructures, utility infrastructures, private and public cloud data centers, personal computing devices (PCs, laptops, tablets and smartphones) and Internet-of-Things (IoT) devices.

Every day, about one million new people join the Internet. It is estimated that more than 7.5 billion people will be connected to the Internet and interacting with data by 2030.

According to a Cisco report, by 2023 there will be three times more connected devices on the planet than people.

Meanwhile, cyber threats have expanded from computers, networks, and smartphones to people, cars, railroads, airplanes, power grids, and anything with a heartbeat or electronic pulse.

How Does Data Compliance Create Cybersecurity?

Cybersecurity compliance isn’t just a collection of stringent and mandatory requirements enforced by an expensive fine system, but a critical requirement for the success of any business.

A compliant company builds an organization’s trustworthiness, competence, and perseverance by establishing continuous monitoring and assessment processes for devices, networks, and systems to analyze risks, establish a framework for protecting sensitive data, and mitigate data breach threats.

It is almost unbelievable that the United States, where the largest technology companies in the world are located and where the largest amount of user data in the world is collected, does not have a privacy law at the Federal level.

I do not think we can give up our Wild West archetype, which has allowed us to explore in-depth the rules and nature of the free market. But that’s all going to change now, and the U.S. data market will be regulated just as data use is regulated in US and China.

This is the list of requirements that the new U.S. data privacy law will place on your company when dealing with personal data.

The law applies to all organizations, including nonprofits and telecommunications companies, and creates a new division within the Federal Trade Commission (FTC) to enforce the law.

Covered entities must limit data collection to the “reasonably necessary, proportionate, and limited extent” as determined by the Federal Trade Commission FTC.
Covered entities must provide “privacy by design” and ensure that users do not have to pay for privacy.
Covered companies must give consumers the opportunity to opt-out of targeted advertising.
Companies must improve data protection for children and minors.
Companies must give consumers the right to access, correct, delete, transfer, and withdraw consent at any time.

Companies must be more transparent about how they collect and use data.
Companies must offer more protection to sensitive personal data.
Larger platforms must adhere to more accountability measures.

The ADPPA establishes basic consumer data rights and requires all organizations that process personal data to follow certain procedures, which become more complex for large data holders and third-party service providers that process data.

The Compliance Alone Is Not Enough

I am a data expert and security fanatic in the golden age of the early 60s (I still look good and can run), the same age as Warren Buffet when he became a serious millionaire, and it became important to me, as it did to almost all of my predecessors, to share and articulate what I learned and saw on my path to data protection excellence.

This is my third article exploring and articulating the position of small and medium-sized businesses in the great wilderness of cyberspace. Can a small fish survive the currents and dynamics of the ocean, its creatures, and nature?

It feels like you are alone against cyber threats, privacy compliance, and even the FBI, which is taking a more active role in this area, which you can find about more in my previous article.

From my years of experience, I can confirm that you are alone and targeted because you are uninformed and uneducated and therefore have few options to protect yourself.

When I talk to my clients – and I do every day – they often express that they have no power in the face of the great unknown and unmanageable. But is that really the case?

Do you really have no power anymore?

Management of the Unmanageable

Management of the unmanageable begins with managing the manageable.

You must invest in ongoing security training and listen to your security staff. Otherwise, you’ll be left alone and vulnerable.

Accept the fact that without email security personnel, you do not have a security team either, and you will not be able to defend against 90% of attacks.

And do you patch regularly? This is another question I ask my clients on a regular basis, and by that, I mean weekly or better yet daily patching.

Nine out of 10 companies I talk to feel they are left alone but are giving away 10% of their weight to cybersecurity because they just want to buy cybersecurity insurance. And the real tragedy is that they are all underqualified and only meet 20% of the qualifications that are required to buy cyber insurance.

Let me just give you a quick example. One of the requirements for cyber insurance is that the remote access has MFA. Do you have that? Did you know that MFA blocks 99.9% of login attacks?

However, according to Microsoft, only 18% of its own customers have multifactor authentication enabled. This statistic is shocking considering that it comes with the Microsoft license and is not very difficult to implement.

Let me add that Microsoft offers many security features that you should enable and configure, such as the GPS -based credentialing feature. This checks the location of your user GPS, which adds an extra layer of protection in case MFA is hacked.

My point is that for the best protection, you need to partner. Find your data security team and share the responsibility because it all comes down to how much you are willing to invest in resources, time, money, and intelligence.

Join one of the large companies that have invested 100% in data protection measures. I’m talking Microsoft Defender, Office 365, and Google Security World with all its fantastic data security practices.

Learn to Earn

From my position no one can match Microsoft, which is truly the stronghold of security.

I talk to hundreds of companies every week, and nobody knows what they’re doing.

Most security vendors focus on one, rarely two, aspects of data security, while Microsoft covers more than 50 different security topics that are also the top products.

The sooner you partner with Microsoft Defender, the sooner you won’t be alone and unprotected.

Now, I don’t want this to sound too much like advertising, because my company TLIC, Inc. Worldwide doesn’t just license Microsoft, but when I’m asked for my truly expert recommendation, there’s always only one answer: Microsoft. I use it and so should you if you ask me.

There are a few new vendors on the horizon, but with the exception of Google, none even come close to what Microsoft offers.

And let me ask you, which productivity suite do you use? Outlook or Gmail?

But the problem with partnering with Microsoft is that you have to take a year off to learn how to use all of their features. And I mean that literally: IT professionals have to study, pay and prove their knowledge to get a Microsoft certificate to work with Microsoft’s solutions.

This is a highly complex knowledge transfer in the world of speed, apps and viral competition.

Is it worth your resources, time, money, skills and education? I think so. I have never regretted any of the Microsoft certifications, and I will keep looking for more.

In my next article, “Microsoft as Your Security Defender,” I’ll take a deeper look at how to make Microsoft your top data guardian. Yes, it’s a piece of work, but so are all good things in life.

Take the time to learn and expand your circle.

Only then will SMBs and BBs become strong, fearless and resilient. And only then can they plan their future wisely and set their business up for overwhelming growth.

I can recommend the best success coaches when you get to this point, but first you need to become big and extensive yourself in terms of knowledge, information and skills.

Steven Palange, Your Data Expert

Call Me at 401–214–5557 or steven_palange@tlic.com

Cyber Security And Data Compliance