Okay. We admit the title of this post is a gotcha. But it’s also relevant to cybersecurity. How? We thought you’d never ask.

Consider: If the earth were flat — and unless it was two-sided like a sheet of plywood — it would always be daylight because it would never turn away from the sun. We suppose, on the other hand, that if the earth were more like a flying carpet and the sun rotated around it, the top would be light at times and the bottom would be light at other times. This is exactly why we’re not astronomers.

But because we’re cybersecurity professionals — and even if we weren’t reasonably sure the earth is round (we are) — the fact is while it’s light here, it’s dark there (wherever here and there are) and vice versa. And that brings us to relevance.

Let There Be Light
There’s a common misconception that the majority of cyberattacks are undertaken at night. That’s not true. But even if it were, it means somewhere in the world, in broad daylight, bad dudes are working hard to hack your digital environment while you’re sleeping. Since that’s true, the reverse is also true: Somewhere in the world, under cover of darkness, bad dudes are working hard to hack your digital environment while you’re wide awake.

To us, it really doesn’t matter if it’s dark or light. We don’t want bad dudes breaching our customers’ digital environments at any time of day or night. That’s why we do what we do.

Here are a few more thoughts: Viruses and ransomware don’t carry watches. They don’t care what time it is or that the earth is round. Neither does risk. That’s why it’s constant. You shouldn’t care, either. Regardless of what time it is, breaches and data theft are devastating and costly.

The actual time of day notwithstanding, if your environment is hacked, it’s going to be 0-Dark-30 for you, your business, your reputation, and at least some of the companies with which you do business.

We grant our bias, but that’s not a risk worth taking, day or night.

It is now.

Some people think IT and cybersecurity measures inhibit or reduce the efficiency of their businesses. At one point, that may have been true. That was then. This is now.

Given the proliferation of hackers and the corresponding numbers of cybersecurity attacks, cybersecurity is now a necessity. It’s also a competitive advantage. Here’s why:

First, keeping your systems, your data, and other assets secure makes it easier for others to do business with you, especially those others are sharing access to their own systems, data, and other assets. Second, being certifiably secure makes it easier for you to get cyber liability insurance, which adds another layer of protection to your assets. Third, IT and cybersecurity protection also adds protection to your reputation. The last thing your business needs is publicity about cyber vulnerability, an attack, or the theft of data.

On the Fence

If you’re not sure about your business’s need for cybersecurity, ask yourself these questions:

  • What’s your data-exposure risk?
  • How much of your data or data about you do your partners possess?
  • Is it protected?
  • Does communication with your partners put you at risk?
  • Is their email access secure?

Evaluating and asking these hard questions creates at least four opportunities for you:

  1. You can turn cybersecurity into a competitive advantage by protecting all the data for which you’re responsible.
  2. You’ll engender the trust of your customers with your your ability to deliver on your commitments and to keep their data secure.
  3. You’ll be able to include a cybersecurity assessment or certification in your bids and proposals.
  4. You’ll qualify for more favorable cyber liability insurance premiums.

Cyber threats are a matter of when, not if. Even if you haven’t had any breaches yet, your business is under attack. But luck doesn’t last forever. And hope isn’t a strategy.

If you’re ready to secure your business from cyber threats, we’re ready to help.

Don’t leave your business or your customers at risk.

We don’t mean to be alarmist, but if you haven’t tightened up your cybersecurity, there may be millions of individual reasons to do so. Here’s one, from Ars Technica: “Hackers hammer SpringShell vulnerability in attempt to install cryptominers.” The article says this, in part:

Malicious hackers have been hammering servers with attacks that exploit the recently discovered SpringShell vulnerability in an attempt to install cryptomining malware … SpringShell came to light late last month when a researcher demonstrated how it could be used to remotely execute malicious code on servers that run the Spring model-view-controller or WebFlux applications on top of Java Development Kit versions 9 or higher.

If you’d like to read more about SpringShell vulnerability, you can start here.

It Doesn’t Stop There

Here’s another one from Ars Technica: “Hackers are exploiting 0-days more than ever.” That one is even more chilling:

Previously unknown “zero-day” software vulnerabilities are mysterious and intriguing as a concept. But they’re even more noteworthy when hackers are spotted actively exploiting the novel software flaws in the wild before anyone else knows about them.

Ouch. If you’d like to read more about zero-day vulnerabilities, you can start here.

And from Forbes, there this: “When Botnets Attack.” Brace yourself:

Cybersecurity attacks can come in many forms and with various technical approaches. Breaches are constant among industry and government being targeted. One method of exploit used by criminal hackers can be deployed with devastating and widespread consequences, botnets … Such orchestrated Botnet cyber-attacks are not new and have been going on for almost two decades, but they are proliferating and pose major threats. They are not only carried out by state sponsored intelligence actors, but also by organized criminal hacking groups.

Should you be scared by all of that? Yes. But not as scared as you should be if you don’t take the appropriated cybersecurity measures.

Bad News/Good News

The bad news there are bad dudes out there making very handsome livings by hacking systems for any number of reasons and many forms of data. The good news is you don’t have to risk being vulnerable.

If you don’t do it soon, it may be too late.

The money — and the business — you save may be your own.