No matter what industry you work in, technology is no doubt a part of your day-to-day business operations.
It is rare to find an industry, or profession, that doesn’t, in some way, shape or form, use technology.
In an effort to stay on top of trends, and provide our readers with intelligence to help you keep your businesses safe, Tampa Bay Business and Wealth reached out to some trusted resources to ask them the basic question: What is keeping you up at night?
Here are their responses, in their own words.
Chris Moyer Sr.
Founder, President and CEO
SME Solutions Group
Our customers, and prospective customers, are currently trying to figure out what the phrase “digital transformation” really means and what it entails. Digital transformation is not just about the technology, or the software, that they may need, or are currently using. Digital transformation also heavily includes the aspect of data governance, data integrity and data trust, as well as providing data literacy to those organizations who are truly focused on being data-driven.
SME’s core differentiator from other firms is that we understand the technology and we understand, and focus on, the business needs. We bridge the gap between IT and the business. There are many amazing products and software available, but there is no silver bullet product, or software, to fit all your technology and business needs. Many times, we see our customers have multiple needs. We help them determine, and assess, their software needs and how to get a return on investment from their business intelligence and data investments. We help them determine where they are in their analytics and data enablement roadmap. Often, we even help them build that roadmap from scratch to ensure we deliver certainty and positive business outcomes.
Ask [your] IT departments, chief information officers and chief technology officers, and all C-suite executives, what is keeping them up at night? Often, it has nothing to do with the technology. More often, it has to do with automating business processes, ensuring repeatable processes, verifying data integrity and trust and having a solid roadmap, and plan, to get where you need to be to beat your competition. At SME, we help our customers get to this state and lower their stress around digital transformation.
Dave Stafford
Chief Information Officer
PSCU
In financial services, and in most technology-focused businesses, the majority of critical risks are relatively controllable. Availability of processing systems, velocity and quality of software development, and support, to the organization, and its customers, can be planned and managed. However, the risk of compromise through cybercrime remains a major challenge across industries. While high-profile exploits of software providers, municipalities and national infrastructure grab the headlines, the vast majority of the successful attacks continue to focus on the human element. “Phishing,” or the practice of targeting employees to click a link and surrender their trusted credentials, remains the most effective, and frequently used, vehicle to gain access to confidential systems and data. In fact, benchmarking shows that 90% of targeted attacks begin with a malicious email.
In some cases, the resulting attack can be as benign as using your domain to spam your employees and customers. In others, malware or ransomware is placed on your systems—which can have devastating results, ranging from monetary damages to a complete loss of your enterprise systems and files. The issue has become so pervasive that cyber insurance carriers have begun scaling back coverage, while also exponentially raising their premiums. Many have exited the space completely.
As with most human-centric risks, the primary defense against such exploits is vigilance, awareness and training. While detailed policies and advanced technical safeguards such as firewalls, intrusion detection and monitoring can mitigate many cyber risks, the weakest link continues to be the human element. Employees must be made aware of these malicious practices, trained to spot anomalies and provided with ongoing information about the evolving landscape. Optimally, a comprehensive, and ongoing, testing process is also a key strategy to help reinforce these best practices. Results from these tests can then be used constructively to help pinpoint key weaknesses, highlight behavioral trends and identify those employee groups who may be particularly susceptible to these attacks. Advanced access controls, such as multi-factor authentication or requiring access to company systems through a virtual private network, can also help to bolster your defenses.
When it comes to phishing, some relevant questions to ask include:
• How is the company working to inform, and train, our employees to safeguard against phishing?
• Does the company periodically test the employees with simulated phishing exercises? If so, what is the propensity of our employees to identify these malicious emails or, conversely, fall victim to these tests?
• How are these test results socialized among the management team and our employees?
• What’s next? As the criminal element continues to make gains in their maturity, and sophistication, what’s the strategic plan of the company to stay ahead of these threats?
The bottom line is that an effective cybersecurity program is always a robust combination of people, processes and technology – but the “people” element remains the highest risk and least controllable component. Ongoing awareness, training and testing are critically important tools in your defense against cybercrime. ♦