Work safe

How should organizations protect themselves against cybercrime?

The digital revolution

While serving as France’s Minister of War in the 1920s, André Maginot became alarmed by the threat of German rearmament. He had fought Kaiser Wilhelm’s armies with distinction in World War I and had no wish to see German troops invade France again.

So Maginot built a stout chain of forts, bunkers and observation posts stretching across northern France along the German border.

Unfortunately, the Maginot Line didn’t extend through the Ardennes Forest, which the French thought dense enough to deter an enemy invasion. The Germans just saw a giant hole, which the Wermacht swept through in 1939 on their way to Dunkirk and Paris. The Line also failed to deter the German air force, which simply flew over Maginot’s elaborate fortifications.

Traditional approaches to cybersecurity bear some resemblance to the Maginot Line. In both cases, the idea is to fortify your perimeter in hopes of deterring foreign invaders. Like the Maginot Line, this firewall strategy has generally failed because cybercriminals excel at finding security holes that defenders either didn’t anticipate or failed to patch.

Well over half (57%) of cyberattack victims say that an available patch could have prevented their breach, according to a 2018 survey by ServiceNow, Workflow’s publisher. A full 37% of breach victims don’t take the elementary step of scanning their systems for vulnerabilities. And 74% of victimized companies say they can’t patch fast enough because they don’t have enough staff.

That’s not surprising given the very tight global market for security talent. The global cybersecurity workforce shortage is on pace to hit 1.8 million vacancies by 2022, according to a report by the Center for Cyber Safety and Education.

Perimeter defense is also an ineffective strategy because the traditional network perimeter has largely dissolved in recent years. Employees increasingly use their own devices at work, loaded with apps that may be riddled with unpatched vulnerabilities. The Internet of Things comprises billions of connected devices, ranging from jet engines to kitchen toasters. Few were designed with security in mind. All are potential attack vectors for criminals and other bad actors.

The global cost of cybercrime rose from $445 billion in 2014 to an eye‑watering $600 billion in 2018, according to a report by cybersecurity firm McAfee and the Center for Strategic and International Studies. The bad guys benefit from low barriers to entry as well as emerging machine learning and AI tools that make it easy to probe network defenses.

To paraphrase Donald Rumsfeld, the cyber world is full of known and unknown unknowns. No security technology can guarantee that your operations and data will never be disrupted by cybercrime. As security pros like to say, the question isn’t whether you’ll suffer a breach—it’s when.

Here at Workflow, we aim to help companies avoid building the cyber equivalent of the Maginot Line. Our current edition presents a range of tips to help business leaders make sense of the threat landscape and position their companies for safety and success. They include mapping and shrinking the attack surface, implementing more restrictive BYOD policies, using AI to identify vulnerabilities, and applying digital workflow tools to manage threats all the way from identification to mitigation and resolution.

Happy reading, and stay safe out there.