Excerpt: 5 Things Every American Business Leader Should Do To Shield Themselves From A Cyberattack
I was interviewed by Tyler Gallagher at Authority Magazine on The 5 Things Every American Business Leader Should Do To Shield Themselves From A Cyberattack. This is a topic I am very passionate about. Here is an excerpt from the interview:
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
My career path in cybersecurity started when I joined the U.S Army Military Intelligence Corps in 2003. Everything changed when I read the book Future Crimes, by Marc Goodman. I realized that with the information age and the digitization of everything, our society will face legal challenges that our legislature and judiciary are ill-equipped to handle. I started reading more about cyber laws, warfare in cyberspace, and cyber threats, digitization, privacy issues related to data, and securing the internet. I went to law school, and eventually handled my first internet-related lawsuit about a software glitch in an online insurance application that caused the company to issue unauthorized insurance policies. This wasn’t the-run-of-the-mill kind of case where you look for the paper application, figure out who signed it and who approved it. This involved digital forensics and reviewing code, which all had real-world implications. At that point, I was thoroughly convinced I had found where I wanted to focus my career — cyber-related laws and cybersecurity.
For the benefit of our readers, can you briefly tell our readers why you are an authority about the topic of Cybersecurity?
I’m always a bit shy to toot my own horn, but not only am I a lawyer who has dedicated significant time on this topic, my background is in military intelligence, and I have advanced degrees in cybersecurity and digital forensics. Also, I have written about and been asked to discuss this topic on many occasions. In a nutshell, I have the legal and technical training as well as years of experience in this field.
Who has to be most concerned about a cyber attack? Is it primarily businesses or even private individuals?
Here’s is my simple answer — both! But, let me explain.
We have to think about why the bad guys are using ransomware or committing data breaches. According to criminologists, the obvious answer is money. Yes, there are state-sponsored actors who engage in cyber warfare or cyber espionage for other purposes, but ransomware and data breaches are typically linked to financial gain. With that in mind you have to think: Is it more lucrative to attack a company or an individual? A good analogy is: Why rob an individual when you can rob the bank. So, with that logic, businesses should be more concerned because they are the more lucrative target.
That being said, businesses can only operate through individuals — officers, directors, employees, etc. So, going back to my answer on vectors, the most common vector is to send phishing emails to individuals. That means the most common vulnerability is people — officers, directors and employees of businesses. It follows then that individuals should be most concerned because individuals are the means by which the bad guys will attack businesses.
Who should be called first after one is aware that they are the victim of a cyber attack? The local police? The FBI? A cybersecurity expert?
A cybersecurity expert! Yes, you will eventually call the FBI, your insurance company, and file a report with the local police. But, when you first realize that you are the victim of a cyber attack, you should be thinking about damage control: preserving your computer systems and mitigating the potential damage. There might be a way to prevent further damage or to restore the system. You don’t get that information from law enforcement; you get that from a cybersecurity professional.
For the complete interview, click here.
~ Florida Cyber Lawyer, Robert Stines, Esq., CIPP