#ISC2Congress: Businesses Suffer When They Put Cybersecurity Last
The most common mistake businesses make when it comes to cybersecurity is not implementing it from the get-go, according to Lares COO Andrew Hay.
In an exclusive interview with Infosecurity Magazine conducted today at the (ISC)² Security Congress in Orlando, Florida, Hay said that trying to retrofit cybersecurity was more costly than starting out with it in place.
"Security has always been an afterthought when going from servers to virtualization, and from virtualization to cloud. People think 'we have to get it there first and then we secure it,' and don't realize that they are making much more work for themselves by not getting cybersecurity to the front of the migration process," said Hay.
The veteran cybersecurity executive added that kicking cybersecurity down the road could mean that "by the time you're ready to resolve it, it could be too late."
And if Hay's predictions about how the threat landscape will evolve over the next couple of years come true, you're going to wish you had taken steps to protect yourself.
The industry analyst said: "I've done a lot of research into ransomware, and over the years I've seen more trends of ransomware emulating kidnap and ransom doctrine.
So, I think it's going to become far more physical where people are going to be held hostage, they will have loved ones taken and threatened instead of just 'give us money to unencrypt files.' It will be more extortion-leaning than just data recovery."
According to Hay, the evolution of ransomware into something more corporeal could be fueled by the growing cybersecurity insurance market.
He said: "If you think of all the kidnap and ransom insurance in the eighties and nineties, how everyone knew that companies would pay a certain amount, and you could just kidnap someone, hold them for three days, and make hundreds of thousands of dollars, the same thing could happen."
What society insures could in turn be affected by cybersecurity practices such as biometric authentication.
Hay said: "My first job was working in a grocery store, and part of the insurance plan showed you how much you would get if you lost a particular finger or thumb and there were different values assigned to each digit.
"If we are telling everyone that they have to authenticate with two or three fingers, do we need to insure those fingers more than other fingers?" Hay wondered.
As for the most common cybersecurity mistake made by individuals, Hay said it was to have a "password book" at home that anyone who broke into the house could access.
Source: Information Security Magazine