Blog

18 years ago today, I walked to our desk in the warehouse section of our good friends at E-Bis and the J2 Software journey officially began. Our young adult now has locations in multiple cities and service 600+ customers on 4 continents. When I think about it all I can say is that I am grateful.

Guided by a passion to Get Stuff Done and change the way people viewed security (it wasn’t called #cybersecurity back then) to help protect our customer’s information and prevent insider risks. It was going to be easy…… ah the naivety.

April 2006 when I proudly walked into that warehouse area armed with 2 laptops, a laser printer and a 3G data card the size of my left hand. Jason still had a month’s notice to complete at his previous employer so it would be a few more weeks before we got to share that desk and 3G card to get our message out to the world.

Jason and I would talk on the telephone after-hours as the first days flew by. Those were great times, difficult times, exciting ties. We were freezing in winter and melting in summer.

Driving in panic to Vereeniging for damage control as we learned by doing and boy did we do some celebrating on every win.

Back then we had customers who bought from us just so that they could stop people going to Facebook or playing Farmville and watching YouTube at work. It was a completely different time that feels like a 100 years ago, not only 18. The world has changed so much.

A successful cyber-attack takes several weeks to recover from. So, let’s be conservative and ask ourselves a few questions.

What would it mean in your business if you couldn’t trade for one week?

No data, no systems, no orders…CRISIS!!

It was just yesterday that most of the world was in lockdown, then today we look up and it is half way through November 2023. It sometimes feels like 3 years have been condensed into 1.

The Rolling Stones just released a new album, The Beatles have released a new song & both rushed to the top of the charts - it appears that history continues to repeat itself.

I will not go on about all the things that have changed, or the increased number of cyber attacks or improvements to cyber criminals methods, I will rather focus this article on the things that keep coming back, end of year scams.

While we wait in anticipation of the shopping frenzy that is Black Friday around the world and deal with the festive specials and Christmas music in stores (in November) keep an eye out for the #cybergrinch who will be trying to make this a year of losses.

Nobody will want to target us, we have nothing to steal. We are not important enough. We are not big enough. All our email is in the cloud, so we are ok. These are some of the excuses we hear from Small and Medium business owners when we speak to them about the cyber risk associated with their email systems. Yet they all know how to protect physical company assets, like a motor vehicle.

Is The Second Half of 2023 Your Time to Shine?

The last three years have proven that most of what we understand to be correct can be changed in days. Those restful days of small and incremental changes to the environment in which we operate are gone. We live in the time of hyper connected, rapidly changing events that we have no control over and even less chance of predicting. Whether it is global events such as war, pandemics or local events like flooding or massive inflation; the perfect storm of uncertainty has pushed us into the world of heightened risk and increasing attack surfaces.

Uncertainty drives many things including the ability of cyber criminals to use our fear to spread their attacks and tempting our trusted people to lean towards the dark side. We have seen a large number of insider driven attacks, many of which are accidental or negligent but a growing number of these start with the compromise of a trusted user. When seen as a victimless crime, many take the bait and provide access intentionally. The time of the super malicious insider is with us.

Without visibility and the capability to understand intent, you will only know something has been going on when your name is shining in the lights of breach notifications. Not the kind of shine most people are working towards.

I am constantly seeing and hearing more talk about the risk posed by insiders when it comes to business risk. The talk of insider risk and the threat to the business, threats to compliance and security has been amplified in recent weeks, yet very few businesses have any form of Insider Risk Management program in place. 

Why is this?

Do we not know where to start, or are we scared of what we might find?

Large and small business all show different levels of support or acceptance of the importance of insider threats. Sadly, the importance they place on these are totally worthless if only in words.

In the last couple of weeks we have seen reports of top secret government information being leaked/lost/copied on different sides of the Atlantic.