BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

How And Why Businesses Should Strengthen Their Cybersecurity

Forbes Communications Council

Mark Roberts is CMO at TPx Communications, responsible for marketing worldwide, driving growth opportunities and building brand recognition.

It’s easy to sit idly by and watch world affairs unfold, but business owners should not ignore the threats half a world away and the potential risk they pose to their operations. World affairs and conflicts carry potential security ramifications, and businesses should no longer be passive observers.

Many cybersecurity experts have warned that bad actors could launch cyberattacks worldwide, especially in the United States. Their specific target is anyone’s guess, but there is no need to leave anything to chance. As marketers, we should always prepare our organizations for potential risks that could impact the customer experience.

I’ve previously highlighted the importance of businesses shoring up their security protocols, particularly around remote workers. The need extends far beyond team members working from home.

If companies haven’t already taken steps to beef up their security, now is the time to catch up. As the CMO of a company that offers managed IT and security services, I believe the organizations that haven’t prioritized their security are risking their futures.

Bad actors are already here.

Collectively, we tend to have a short-term memory regarding cyberattacks. Our attention to such incidents typically fades along with the news cycle.

However, we should keep in mind that bad actors have already targeted organizations in our country and worldwide.

The 2021 cyberattacks on the United Nations and Colonial Pipeline illustrated precisely how vulnerable even our most important assets are to stable operations. Consider that these organizations likely invest heavily in their cybersecurity, yet they are still vulnerable to an attack that could lead to reputational repercussions.

In February, the Cybersecurity and Infrastructure Security Agency (CISA) said, “Ransomware tactics and techniques continued to evolve in 2021, which demonstrates ransomware threat actors’ growing technological sophistication and an increased ransomware threat to organizations globally.”

To me, the most concerning part of the assessment is a finding that some bad actors had shifted their focus away from so-called “big-game” targets. Instead, they turned their attention to midsized companies to avoid scrutiny.

Will they be successful? Some companies may not know until it’s too late.

We can’t ignore the old threats as we prepare for the new ones.

Businesses have grown accustomed to the tried-and-true approaches that bad actors routinely employ. The idea of ransomware and phishing attacks is now ingrained in our lexicon, but that doesn’t mean we can allow ourselves to be complacent.

Yet companies often don’t take simple steps to shore up their defenses. Whether it’s maintaining up-to-date operating systems, making sure security patches are current or making sure team members use multifactor authentication, the basics can often thwart many bad actors.

Another integral tactic is teaching the entire organization about cybersecurity. IT teams should also review their security programs to ensure they meet or exceed industry standards, including National Institute of Standards and Technology (NIST) or Cybersecurity and Infrastructure Security Agency (CISA) controls.

Additionally, companies need to know the process to follow should they fall victim to a cyberattack, including deploying a comprehensive communications plan.

Yes, everyone could be a target.

Hackers are always looking to exploit a vulnerability, and an attack doesn’t have to be “imminent” for bad actors to seize the moment. Unfortunately, no one is out of reach of a bad actor, and their attacks can come without warning.

A business’s biggest mistake is thinking “we’re not high-profile enough; no one will target us.” I believe such a mindset is naive.

Even if companies have gotten lucky thus far by deploying that approach, it is no longer a sustainable strategy. Companies that don’t take the threat seriously are ripe for an attack.

In 2021, the FBI Internet Crime Complaint Center’s (IC3) Internet Crime Report stated that the agency received more than 847,000 complaints of suspected internet crime, a 7% increase from 2020 and a record number. Losses reportedly exceeded $6.9 billion.

The nefarious activities run the gamut, but the top complaints include the illicit use of cryptocurrency, ransomware and business email compromise schemes. Over the past five years, the number of complaints has exceeded 2.7 million and totaled $18.7 billion in total losses.

The world is a dangerous place. Unfortunately, those who want to do harm continue to evolve their approach, which puts the incumbency on every business to change their approach to prepare for the unseen.

No one can say when or where an attack might happen. Luckily, everyone has the power to control one element of a cyberattack: how to prepare the defense. And when should that happen? Now.

Don’t be a statistic in next year’s report on cybercrimes.


Forbes Communications Council is an invitation-only community for executives in successful public relations, media strategy, creative and advertising agencies. Do I qualify?


Follow me on Twitter or LinkedInCheck out my website