It is all over the internet. The best way to get your idea across is to tell a story.
In a Harvard Business Review article entitled “The Irresistible Power of Storytelling as a Strategic Business Tool”[i] we learn of the power of storytelling to drive emotional responses in us that WILL affect our behaviors (like a cuddly puppy making us want to buy more beers 😉).
One of the struggles with Cybersecurity is that no one WANTS to deal with it. It is not fun, it is not exciting and for most businesses, it is simply seen as additional overhead or a cost of doing business. On top of that, Cybersecurity can feel VERY complicated.
But everyone loves a story. So here are a few stories that might help us engage more effectively with the digital world around us and help us understand the threats that are very real.
In story one, we tell the tale of Michigan State University (MSU) – attacked by a ransomware group, known as Netwalker[ii]. Netwalker tweeted a threat on Wednesday, May 27 that they may leak sensitive data that they had gained from the compromised MSU environment. The data that they shared included copies of student passports and MSU financial records. Imagine if you are a student or family member of a student at MSU. Is Cybersecurity important to you?
In story two, the 64th biggest company in the world, NTT, disclosed a security breach which exposed the information of 621 customers. [iii] AN argument is often made that larger organizations are more prepared and can defend against these threats more effectively. Clearly the NTT story, like so many of these stories from the past, dispel that myth.
And in our final story, we hear of the largest hospital provider in Europe being affected by a ransomware variant known as Snake.[iv] The Fresenius Group is a major provider of dialysis services (upwards of 40% of the market). While public announcements from the Fresenius Group stated that patient care was not affected, what if it were? One of the side effects of the current COVID situation is that patients can have kidney failure and require these important services. At the time of greatest need, it could be cataclysmic for these services to be rendered unavailable.
These threats are real. Most can be defended against by taking basic precautions. One key precaution is to remain engaged and vigilant. I hope these stories can help us do just that.
Good luck and be safe,
Allen Jenkins, CISO