Penny Wise Pound Foolish Organisations for Cybersecurity Protection

Penny Wise Pound
Foolish Organisations
for Cybersecurity Protection

WEME – Eugene Chung

Home » Blog » When Experts Meet Experts (WEME) » Penny Wise Pound Foolish Organisations for Cybersecurity Protection

Organisations for Cybersecurity Protection

With the advent of the internet, technology innovations and the increased usage of mobile applications for online transactions, has become an important part of our daily lives to a point where our mobile/cell phones are a necessity we cannot do without. As such, the rampant disruptions for online services indicate that there should be more protections and governance to be set in place to minimise Dos and DDoS, that is:

  • A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.
  • DDoS Attack means “Distributed Denial-of-Service (DDoS) Attack” and it is a cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites.

Threat of cyberattacks is growing so much that more needs and requirements have to be done to educate businesses and users about risks in order to prevent widespread damage and disruption as a result of cyberattacks and incidents.

Ransomware attacks against utilities and infrastructure service providers, production facilities and hospitals have shown cyberattacks can have very real consequences for people and organisations being denied access to vital goods and services for days, weeks and months.

The most worrisome fact is, despite the risk posed by cyberattacks, many businesses and their boardrooms still do not fully understand the threats they’re facing from cybercriminals and how to best defend their networks against them. Do Not Fully Understand is an understatement. In my opinion, a good number of businesses do not really care and costs (high) is factored in their complacency. Unfortunately such ignoramuses/ignorami are a dime a dozen. Common and stupid questions asked the CIO/CISO/CTO such as why should we be spending such large amounts of money on expensive cybersecurity solutions when we have NOT been compromised before? When was the last time we were DOSed? (If the answer was NONE or a long time ago, the proposal is rejected)”.

It is not uncommon that cybersecurity is not ingrained into everyday operations and employees are only asked to think about it when doing yearly cybersecurity training, leaving companies at risk from cyberattacks, concluding that most of the education and training done were ineffective and organisations need to look into cybersecurity culture-building in organisations with their employees, is recommended but such an initiative will be an uphill battle and challenge to actively involve employees.

Cyberattacks or Hacking is not just about personal information or bank details stolen. The reality is cyberattacks are more damaging and costly, such as  ransomware attacks to data breaches or business email compromise (BEC) scams can cost organisations thousands, if not millions. These incidents are inevitable as critical infrastructure and vital services become increasingly connected to the internet, there’s the additional risk of cyberattacks causing widespread disruptions. Imagine for a moment a city’s power grid/electricity is cut off/disrupted and let us push our imaginations further that electricity power is down, not for a short period of 30 minutes or 1 hour, not even a day but for a few days to a week or so. The entire city (pick any like New York, London, Paris, Sydney or even Kuala Lumpur) would be in chaos with the city in darkness (when the sun goes down), hospitals, public transportations, traffic chaos, in hot/warm countries no air conditioning, in cold countries no heating. Total disaster. Ukraine experienced power outages in the dead of winter because of cyberattacks, and Russia was top of the list of suspects who initiated the cyberwar.

As stated, with the enhancement of IT, there is this IOT, the rise of the Internet of Things which means basic appliances and sensors are connected to the internet and if they are not secured properly, they will be another loophole cyberattackers can penetrate networks.

Stuart E. Madnick, Professor of lnformation Technology and Engineering Systems at MIT Sloan Executive Education, quotes:

Almost every product, except a brick, will have a computer in it, so the number of devices that can be cyberattacked is increasing exponentially”.

Back to the 6 million dollar statement that we know so well:

Bosses are reluctant to spend money on cybersecurity. Then their organisations get hacked.

This old school management does not seem to understand that preventive measures for cyberattack is more cost effective than being reactive to one. I have rant on this many times that many businesses are not willing to spend on cybersecurity protection as such preventive measures are viewed as additional costs and then, in an I-told-you-so moment, businesses then have to spend more recovering from a cyber incident after they have been hacked with ransomware.

I am baffled knowing that cyberattacks like ransomware, business email compromise (BEC) scams and data breaches are some of the key issues businesses are facing today but despite the number of high profile incidents and costly fallouts, many boardrooms are still reluctant to invest in cybersecurity measures necessary to avoid becoming the next victim. I am perplexed. I am further dumbfounded that the top guns of organisations are ignoramuses or just plain dumb (?) to ignore the fact that the cost of falling victim to a major cyber incident like a ransomware attack can be more costly than the cost of investing in the people and procedures to prevent incidents in the first place, something many organisations only then realise after it is too late. A costly slap or egg(s) in their faces.

Realistically, no one or organisation wants to spend unnecessarily but by being a scrooge resorts to being penny wise pound foolish which means, careful about small amounts of money but not about large amounts; used especially to describe something that is done to save a small amount of money now but that will cost a large amount of money in the future The plans to cut cybersecurity protection solution funding is penny-wise and pound-foolish.

Let us just look at the damage or costs when an organisation is hacked. An organisation will end up paying millions of dollars to ransomware criminals for the decryption key for an encrypted network. Do not forget about the additional costs associated with investigating, remediating and restoring the IT infrastructure for the whole business after the incident. Absence of cybersecurity insurance, the ransoms organisations are paying, could pay for cybersecurity professionals. Also note that cybersecurity insurance premiums are rising, resulting in high costs across the board for organisations.

In conclusion, personally I would like to see these complacent ignorami organisations get hacked, blackmailed with ransomware and then with their tails between their legs, no doubt blaming their IT departments for the damaging incidents, when the Board of these organisations, are guilty of their unfounded reluctance to implement much needed and valued cybersecurity protection solutions. They are the ones who have their heads in the clouds, and should be trained and educated at cybersecurity kindergarten level right up to advanced levels. Train them founders, CEOs, Managing Directors, Executive Directors and Board of Directors, top down rather than bottom up.

Who is Responsible for Cybersecurity? ArmourZero

Catch When Expert Meets Expert by Eugene Chung articles every bi-weekly Tuesday. Don’t forget to subscribe to stay connected. You are also encouraged to ask questions and seek advice from him.

Share this post

Related Posts

Cybersecurity translated into golf terms with Tony Smith

Cybersecurity: Achieving the ‘Hole-in-One’ of Digital Defence

Discover the connection between cybersecurity and sports with Tony Smith, Regional VP at WithSecure. Let’s achieve the ‘Hole-in-One’ of Digital Defense.

Read more

Beware of Scare Software aka Scareware

What is Scare Software or Scareware? Learn more about this Social Engineering technique that aimed to scare the victim with ArmourZero mentor Eugene Chung.

Read more

Job Hunting Tips for IT Graduates

Job Hunting Tips for IT Graduates

The job market is tough and competitive. Learn some tips on how to do job hunting for IT graduates from ArmourZero’s mentor and expert Ts. Saiful Bakhtiar.

Read more

Tips to Successfully Sell a Credible Cybersecurity Solution

How do Cybersecurity sales convince prospects to trust their services and/or products? Learn more about it from ArmourZero’s mentor and expert Eugene Chung.

Read more