Who does Cybersecurity affect? Part 2
The Other 6 Laws of Cyber Karma
“KARMA is a bad thing!”
Well, yes, it can be—especially if you’re referring to the “Karma” ransomware group. Karma is a new ransomware group, which emerged as a formidable threat back in June of 2021. The group tends to target random organizations in no particular sector. But with that conversation being reserved for a future post, here’s the other half of the “12 Laws of Cyber Karma”:
7. The Law of Focus
“We cannot think of two different things at the same time.”
For us mere mortals (read: “humans”), our brains are not wired to focus concurrently on individual, routine activities. But technology is a whole ‘nother beast. A good cyber control (MDR, SIEM, IDS) can process millions of activities in the blink of an eye.
That means when you have the proper tools in place, your focus can be on other areas of your business.
8. The Law of Giving
“Our behavior should match our thoughts and actions.”
A good cyber defense usually means starting with identifying what is considered an “asset” to the organization, and then deciding how important it is—not just to the success of the business—but also the loss of it, should something happen. Cybersecurity, and how we implement a solid cyber practice, is often influenced by the level of awareness, tolerance and general “cyber-savvy” of the business leaders themselves.
And fostering an awareness of individuals’ actions when faced with the cyber-threat is an essential tenet needed to effectively address and mitigate an event.
9. The Law of Here and Now
“One cannot be present if they are looking backward.”
We have all heard the cliché, “That’s the way we’ve always done it.” In cyber, that phrase can lead to dire consequences. Cybercriminals are banking on the fact that most businesses operate under the assumption that A: “It will never happen to us,” and B: “We have never had to worry in the past.” But just because you aren’t aware of a compromise in your system doesn’t mean it hasn’t already happened.
The late great pioneer of COBOL, Admiral Grace Hopper, often reminded us of the dangers associated with static status quo decision-making. Is your business aware of (and looking for) where the next big problem is likely to occur? No? You might consider doing so!
10. The Law of Change
“History repeats itself until we learn from it and change our path.”
Similar to #9, history tends to repeat itself, especially when those who are forced to repeat it do so because they continue to do the same thing over and over again.
When you have determined that your business operations need to be improved upon, perhaps to focus on some (any) particular area, the levels of change in how you perform certain tasks may be considered inconsistent and even disruptive.
Cybercriminals don’t like surprises, change or shifts in how business is conducted.
That’s a good thing!
11. The Law of Patience and Reward
“The most valuable rewards require persistence.”
This law applies to both sides of the equation. Cybercriminals can be very patient. Some cyber attacks may take weeks, months—even years to plan and execute. These extended attacks, called “Advanced Persistent Threats,” may include subtle changes that happen in a system over time, with each subtle change building on another, with the ultimate action taking place at some future date. Patience in defense is also something to consider.
When phishing simulation exercises continue to be deployed in an operation, the goal is for everyone to get used to recognizing the signs of trouble and ultimately to NOT click on those random opportunities for compromise. But getting your company or team to be consistently aware of and prepared for a cyber event (such as a phishing campaign) will take time, exercise, and review.
12. The Law of Significance and Inspiration
“Everyone has a value to give to the situation.”
Never underestimate the contribution a single individual can make to both the success and failure of an operation. Cyberattacks have become commonplace on the communications landscape. One recent report stated that somewhere in the U.S. is under cyberattack every 39 seconds. But if every individual could be just a bit wiser with their credentials, make their password just a bit stronger, and ask the question, “Why?” before opening that random email, the risk of compromise from a cyber-attack can be reduced considerably.
The old adage “It’s a balance between People, Process and Products” when describing how to best implement a strong security defense may be true, but as any good leader will attest, everything starts with how the organization understands and believes in the objectives associated with protecting the business. And that’s just good karma!