Rock Products is the aggregates industry's leading source for market analysis and technology solutions, delivering critical content focusing on aggregates-processing equipment; operational efficiencies; management best practices; comprehensive market
Issue link: https://rock.epubxp.com/i/945171
26 • ROCK products • March 2018 www.rockproducts.com Many in the cybersecurity field used to lambast salespeople selling cyber- security tools that said, "Everyone is a target." The problem is that cybercrimi- nals have figured out an important new angle to their business model: compa- nies that don't have information that is valuable on the black market still have information that's valuable to the com- pany itself. The bad guys are finding a way into a company, encrypting as much data as possible, and then extorting money from you to get your own data back. And aggregates operations are not immune. In today's world, everyone is a target. That begs a common question, "How can I assess my actual cybersecurity risk?" The truth is that you can't. This is similar to assessing your risk of con- tracting a certain disease or of having a tornado damage your home. These things happen infrequently, and as such, it's impossible to say that a given com- pany will experience a cybersecurity incident of X dollars in total damage every Y years. One of the best ways to quantify your cybersecurity risk is to get quotes for cybersecurity insurance. For example, if your building's fire insurance policy costs $10,000 per year for $1 million in coverage, then the insurance com- pany thinks you will have a large claim on that policy less than once every 100 years. Otherwise they would lose money selling you the policy. In fact, they are probably guessing that you will have a large fire once every 500 years so that they make a good profit on the policy. If it costs $250,000 for the same coverage, your risk of having a fire is much higher than that. The cost of a cybersecurity insurance policy will help you determine the relative risk of a cyber incident in comparison to another type of business incident, such as a building issue (fire/flood), an oper- ational issue (the loss of a key executive in your company), or a liability issue of some sort. It's imperative to realize that regardless of size, reach and financial level, your company is a target for cybercrime. All that really matters is if a criminal feels there is a good return to be had on their investment of time and money. If your defenses are poor, then their effort level is low. If you have strong defenses, then the return must be high for the adversary to expend significant effort to breach your systems. Many attacks are non-specific. They search for a particular vulnerability across many companies and report back success. If you are found to be vul- nerable, you will probably be attacked. Criminals will try to monetize their efforts in many ways. Your data is valu- able to you, and they can monetize this via ransomware. Thankfully, ransomware and the cyber- criminals who use it can be stopped. They are looking for easy targets. All companies are susceptible, but with the right cybersecurity defenses, such as multi-factor authentication, a strong antivirus package, and a solid data backup routine, cybercriminals will deem your company too much effort to hack. This is your opportunity to make cybersecurity a competitive advantage for your company. Bryce Austin is the CEO of TCE Strategy, an internationally-recognized speaker on emerging technology and cybersecurity issues, and author of "Secure Enough? 20 Questions on Cybersecurity for Busi- ness Owners and Executives." With more than 10 years of experience as a chief information officer and chief informa- tion security officer, Austin actively advises companies across a wide vari- ety of industries on effective methods to mitigate cyber threats. For more infor- mation, visit www.BryceAustin.com. How Valuable a Target Is an Aggregates Operation to Cybercriminals? By Bryce Austin Bryce Austin • Accept that your company is a target of cybercriminals that would hope to profit from your success, either by stealing your valuable information, or by encrypting your valuable information and ransoming it back to you. • Assess your relative risk. The areas to take into account include company size, your industry, the number of countries you do business in (especially those known to support government-sponsored hacking), and the strength of your cybersecurity defenses. • Assess your own risk tolerance, assess the potential damage to your company that a hacker could inflict, and assess what cybersecurity countermeasures you currently have employed. If you employ strong countermeasures, your risk will be far lower than many of your competitors, even if putting an actual number on it is challenging. A Better Plan Of Attack