Is the DoD’s new Cybersecurity Maturity Model Certification (CMMC) the future, or just another compliance initiative in the long line of competing cyber standards across a fragmented landscape? One thing is certain: this is a different approach.
Given our status as an affinity partner of CalCPA providing services to many CPA clients, we’ve had quite a few people reach out today with concerns about CCH cloud systems being down and the lack of communication from Wolters Kluwer. While there isn’t much, here is what we do know:
The American economy is in jeopardy, and most people don’t even know it. Small businesses account for 99% of all U.S. businesses. They employ 60% of Americans and are responsible for more than half of the United States gross domestic product (GDP). In 2015, 62% of all data breaches were of small to medium-sized businesses, per Symantec, and 60% of those businesses were forced to close their doors within 6 months of being attacked. These statistics are scary and indicate we are one major cyber-attack away from an economic crisis. So how do we fix this?
A lot has been written about the WannaCry ransomware attack that spread through the globe beginning on May 12 of this year. Perhaps due to the clever branding of the malware, the reaction to WannaCry has been remarkable. Companies from help desk ticketing vendors to log management software developers have personally called me attempting to sell me their product or service on the basis of its ability to stop ransomware like WannaCry. I can only assume that these sales teams, armed with scripts and little actual knowledge of WannaCry or ransomware in general, have been effective in executing this scare-tactic approach; otherwise I wouldn’t keep seeing it. Time to set the record straight.
In 2016, the Ponemon Institute completed a study on the “State of Cybersecurity in Small & Medium-Sized Businesses (SMB).” The study had many interesting findings, with highlights including:
- 55% of small & medium businesses suffered a cyber-attack in the past 12 months
- 50% reported data breaches involving customer & employee information in the last 12 months
- 3 out of 4 reported that exploits have evaded their anti-virus solutions
The results align with what we see every day with clients that call us for incident response and recovery services:
Shopping for a laptop can be overwhelming. There are Chromebooks, Ultrabooks, 2-in-1s, tablets that act like laptops, laptops that act like tablets, and more! There are 5+ generations of processors made by multiple companies with different variations, sub-variations and graphics cards. You must choose from an HDD, SSD or SSHD hybrid, decide how much RAM and of what type, and pick from a selection of wireless LAN cards that might as well be written in Latin. Altogether, we calculated an average of 23 separate decisions required when purchasing a laptop.
While the 23 decision points are important to the sophisticated technical decision maker, they can be debilitating to a small business owner that doesn’t know computers. That’s where we come in. We have simplified the process by reviewing and recommending one, and only one, laptop for the small business professional.
Resisting change is normal. We wouldn't be human if we didn't have an emotional, almost visceral reaction to major departures in the way things are done. You wouldn't be the successful business owner that you are if you jumped on every new product or service every time a salesperson got you on the phone or showed up at your office. In fact, you'd be bankrupt and there would be no business left to run.
In the world of change, there is temporary and there is permanent. Successful businesses are able to identify the difference between "trends" and "fundamental shifts". They resist the flash in the pan trends, but when they see a fundamental shift, they not only embrace it, they lead the way.
So, which is cybersecurity?
One of the core criteria we often use when choosing where to live is safety. Given the choice, most of us don't choose to live in a dangerous neighborhood with a high crime rate. In the virtual world, we don’t have that same choice; we all live in a bad neighborhood when it comes to cyber. Whether it’s Beverly Hills, the Pentagon, or Rio de Janeiro, anyone can break into your systems at any time and from anywhere. Unlike your physical house, you don’t have to be in the same zip code to break in. You don’t even have to be in the same country. All this in mind, we did a comparison between security in the physical world and that of the virtual world.