Coloring outside the lines: The smart approach to risk mitigation

Some days it is hard to catch a break from the never-ending deluge of new threats and vulnerabilities. Let me be clear: it is not just the infamous cyber-threats that keep me awake, it is the full spectrum of people, process and technology threats to which every business is susceptible.

There is no doubt that the bad guys are constantly researching new ways to scan, attack, infiltrate and ultimately breach our organizations. They communicate well, share threat and exploit information effectively, and are very creative in their approaches. Every week there are several articles about organizations built on selling stolen payment card data. Like any well-run business, they effectively use outsourcing, partnerships, best-of-breed tools, and help desk technologies to maximize profits, while minimizing their business risks. Think about that for a minute.

The first time I heard about a crime organization actually having a “help desk” to assist other criminals in exploiting legitimate businesses, it blew me away. We tend to think of cyber criminals as secretive people hiding in dark rooms to avoid detection. It’s shocking to realize that some of these organizations exist very publicly, and are seemingly untouchable by law enforcement. They have become adept at learning to “color outside the lines.” There are few rules, and they rapidly adapt to new attack vectors when faced with an obstacle. If legitimate companies attract and retain customers by having world-class customer service, why not a questionable organization?

 
