2020 was not a good year by any metric, and that includes cybersecurity. Collectively, the field ended the year on a terrible note with the SolarWinds hack. The consequences of this attack will surely be felt far into the new year, so it will be best to brace yourself for pain. This attack has shown us the complexity, dedication, coordination, and fearlessness hacker groups have today. The SolarWinds attack is likely just a first step in a plan to unleash chaos in cyberspace. Coupled with the trend of ransomware and the rate at which new technology is being rushed into the market thanks to the pandemic, it makes cybersecurity’s outlook grim.
The new year gives us as individuals and organizations a great opportunity to implement a new mindset. With the cyber landscape shaping up the way it is, I bid you adopt this mindset and allow it to guide you in your cybersecurity decisions. This mindset is to assume you will be hacked and prepare accordingly. The natural inclination is to think only about whether you can be hacked, and this approach has proven futile and even disastrous.
In schools, for example, children and teachers spend time learning and practicing what they will do in the event of a fire. Little time is spent learning how to stop one. This is because even with the best efforts and practices, fires still have a chance of happening. What schools are effectively doing is decreasing the risk that is associated with a fire happening. This same principle can and should be implemented in cybersecurity. Just as schools take fire drills very seriously, organizations should conduct incident response exercises in the same fashion. The people involved, including management, should know the procedure for what to do in a cyber incident well enough that they can implement it from memory.
With this mindset, organizations may also be able to justify doing certain things to reduce their risk. These include purchasing tools meant to mitigate the risk of a hack, hiring professionals who can respond to an incident, and buying insurance to share the risk of a cyberattack. Of course, this will cost money, but you will be thankful for these things on your worst days.
As with anything in our lives, our success or failure is heavily dependent on our mindset and perspective. Yes, adopting this mindset to prepare for the worst can be hard, tiresome, and challenging, but I promise you, so is suffering from preventable damage in a cyberattack. I encourage you to always be mindful of how you view security and constantly try to improve your mindset. The success of your career or your organization may very well depend on it.