Not long ago, I heard FBI Director James Comey say, “There are two kinds of big companies in the United States. There are those who’ve been hacked … and those who don’t know they’ve been hacked.”
I took note and quietly patted myself on the back, knowing I’d taken precautions and thinking we were ahead of the game on this one.
But then I got the call every CEO dreads. It was a panicked employee who was about to send a screenshot of something they’d just seen on our intern’s computer. “You have 96 hours to pay a ransom or your data will be permanently locked,” the email read.
Fortunately for us, we had a cyber-incident response plan already in place, and I immediately put the plan into motion. As a result, we prevented calamity. Policy, process and practices were what saved us from an embarrassing and debilitating breach.
We got lucky. Putting a number to all of those victimized by cybercrime is difficult — if not impossible — but news headlines ranging from the Home Depot, Apple iCloud and Anthem breaches make it clear: This can happen to anyone.
There’s a new risk every day. As quickly as technology grows and changes, so do the threats. Even if you think you’re not at risk because you don’t store consumer data, realize that hackers may target you to access larger businesses you deal with through portals or electronic data exchanges.
Threats are not just consumer data or intellectual property. Everything is interconnected. If hackers access the plans to one component, it may be interchangeable and create vulnerabilities in other processes, divisions, intranets or extranets.
Threats aren’t limited to consumer data. Foreign powers and those willing to sell to the highest bidder can cause U.S. businesses to lose a competitive advantage on the global stage anytime a breach occurs.