



Time to clean up our cybersecurity streets

Jul 25, 2016 | 3 mins
Data and Information Security, Data Breach, Internet Security

By not acting, you are putting us all at risk

What if I told you that by not protecting your business against cyber-attacks you were being selfish?

Yes, selfish.

Being a victim of a cyber-attack or fraud isn’t just your problem. It’s everyone’s problem. Here’s why.

Many of the top cyber-security threats spread via compromised computers

Infecting a computer, then using it to spread the infection further isn’t a new strategy – it’s exactly how viruses have worked for decades. Today, compromised systems can have a greater impact than ever before.

A bot-net is a group of compromised computers that can be coordinated like a zombie army. Bot-nets are used to spread their own software, spam, viruses and ransomware, or to perform denial-of-service attacks.

Your system can be part of a bot-net, spreading spam or malware, and you would never know.

Having your website attacked no longer means hackers simply “crashing it” or defacing it. More often they’re much subtler. Imagine if they put a virus on it that spread automatically when someone visited. There is now ransomware that can do exactly that. No download required.  

With every victim, cyber-criminals are encouraged to do more

I remember a time when “hacking” was more about status than money. That’s changed.

The incredible “success” of Cryptolocker, which is estimated to have made more than $30 million in its first 100 days (in 2013) and $325 million overall, led to a massive number of ransomware threats.

Stealing private information through social engineering has become so common that most of us laugh it off. Did you get a call from Microsoft or Dell telling you about a security threat on your computer? If people didn’t fall for it, the scammers would stop trying.

CEO fraud is one of the biggest financial threats right now. With more than $2 billion lost to fraudsters, every company should take notice and put appropriate controls in place. But most companies haven’t yet. Can you imagine being the CEO who lost $40 million or $50 million? Of course, for every whale there are hundreds who lost a few thousand. Every penny earned by these fraudsters means they’ll continue trying.

Every time there is another victim, the criminals become more confident and the market gets larger.

It’s time to clean up our community

In many areas, people have gathered together as a community to clean up their streets, drive the drug dealers out, and make their areas better for everyone.

It’s time for us to do that with our businesses. Close the door on malware, shut down the bot-nets, laugh in the face of the fraudsters and scammers. And every time we do this, we reduce their power.

Yes, new attacks appear daily, but if you have a good security program in place, you’re at a much lower risk of being a victim.

Every business, from a sole proprietor to an international conglomerate, should have a security program in place. How the program is implemented will vary from business to business, but the key elements are always the same:

  1. The program needs to be driven by the company’s leadership.
  2. An understanding of risks and security is integrated into every part of the business.
  3. Everyone in the company receives security awareness training. They’re all part of the solution.
  4. Security is a cycle, not a point in time. Your business and its threats are changing, and your security needs to reflect that.

As the leader, your first step is to get educated and start having the right conversations with your team.

It’s time to stop being selfish. Your community needs you to take the lead and secure your business and make hackers’ lives more difficult.


Mike Knapp is a partner at Incrementa Consulting, a boutique consulting firm focused on helping businesses be more successful. Mike is driven by challenges and leverages his expertise in security, project management, and technology strategy and operations to create scalable platforms for businesses.

During his career, Mike has worked with more than 60 businesses, ranging from startups to multibillion-dollar companies. His broad experience, combined with his ability to simplify complex technical concepts and communicate them to nontechnical audiences, has helped him become a strategic and technical adviser to CEOs and other executives.

Over the past decade, Mike has implemented security programs for companies ranging from startups to 100-year-old financial services firms. Those efforts include implementations of common security frameworks, such as PCI-DSS, ISO 27001 and SSAE-16, and dozens of compliance and security audits.

The opinions expressed in this blog are those of Mike Knapp and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.