“I think we are safe.” This is a statement I hear regularly from business and public-sector organizations that I talk to about cybersecurity. Usually it is after discussing what they are doing now with their IT staff. I find that IT staff are generally good at what they do and provide value to their employer, but they are often not fully equipped to handle the security landscape today. The threats come from various sources and sometimes can even occur as a result of an IT team. Often that is an accident, but sometimes it is suspicious (if not malicious) as well. In a recent case I encountered, the organization had recently let its IT manager go and, within a week, experienced a data breach and ransomware. Research found that full credentials for that terminated user showed up on the dark web just days later. The question is, how did those credentials land on a dangerous site at the same time as the termination occurred? Was the account of that individual disabled right away? Is it just chance?
Move past thinking you are safe: hire a team that can show you that you are safe. In technology there aren’t guarantees, but there are protections and procedures that keep our data and those we care about safe. Don’t ask if you are safe—ask what steps you will follow if a breach occurs. What are the steps to recover from ransomware? The answers to these questions reveal how safe you are. All the tools and systems can’t replace a team that is able to respond quickly and correctly when events occur. As a business leader or IT professional, find those who can partner with you on this journey.