PAUL ALLEN IT ADVISORY & RISK MANAGEMENT CONSULTANTS
cyber-security
Do your part. Be the resistance!
During one of my Cyber Security information sessions for small business, I noticed
one of the attendees nodding while I explained the many issues businesses face
today with their information technology (IT). It turns out he is an IT Systems
Administrator who fell victim to a series of cyber-attacks – a true IT professional’s
nightmare! Luckily, the business took the necessary step to ensure disaster
recovery plans were up to date – in this case, the backup was fully functional,
stored off site, and disconnected from the IT infrastructure. What a sigh of
relief! So many SMBs start down the path of having a solid backup plan, but as
time progresses, with employee turnover and other factors, the backup plan is
left forgotten and poorly managed. Just by taking these simple precautionary
measures, they saved themselves from a catastrophic outcome. Sure, they had
the inconvenience of taking the infected machine off the network, formatting it,
establishing the partitions and reinstalling using the most recent backup, but at least
they survived!
So many businesses that fail to be proactive suffer the consequences. Once
systems and data are compromised, individuals try desperately to decrypt the
infection from their devices with little to no success, hoping to salvage some
lost data, all because they failed to be proactive with their defenses. With little to
no choice, some pay the ransom, only to find out that remnants of the infection still
exist on the device and their business is now on a list as an ongoing target for
other Cybercriminal activity.
As the session continued, I found the business tried to involve the police – a rarity
as only 12% of businesses report Cybercriminal acts to authorities for fear it will
ruin their business reputation. Seems the authorities were not interested in trying
to investigate or pursue the Cybercriminal activity due to the inability to charge
and prosecute; so much for unified deterrents! No wonder Cybercriminal activity
is on the rise: it’s just too easy!
It’s a common story, told over and over again: inability to prosecute! Now
more than ever, IT security professionals, businesses, agencies, and authorities
need to collaborate and function as a unified force, exchanging resources,
information, and intelligence to reduce the threat of Cybercriminal activities.
Cybercriminal activity is on the rise, costing businesses billions each year! It’s
time we all did our part, taking a proactive stance to protect our data assets.
Cybercriminals are more aggressive and technically proficient. They are
professional and industrialized, with well-defined organizational structures and
access to specialist skills, functioning like call centers. Their purpose is financial
gain, totally disregarding the repercussions of their actions. They are networked,
communicate and share information, and are virtually untraceable, using the dark
web to hide their tracks. Distributed Denial of Service (DDoS) and
“ransomware” attacks are the threats of choice, with readily accessible, easy-to-use
tools that offer astounding profits through extortion.
by Paul-Charife Allen BBA-IT Senior IT Security Analyst
“It’s imperative to have the right network appliances and application security
solutions in place.”
MATTHEW WITTEN, Information Security Officer, Martin’s Point Health Care
With continuous exponential advancements of new technologies and the
shortage of the highly trained security professionals required, we see the
criminal intent advancing beyond the current abilities available to combat their
activities. The industry is currently fighting a war where the enemy is gaining
considerable ground, and the professionals are too busy dousing fires from
hardware and software manufacturers releasing products well in advance of
arduous security testing. Many corporate-level Cyber Security tools and all
rudimentary procedures are simply inadequate, with even the best-prepared
corporations still feeling the hits.
Businesses, especially SMBs, cannot sit idle waiting for that fix to save the day;
we all need to take the issues into our own hands and be the resistance, while the
army of security professionals gathers intelligence, builds artificial intelligence
code bots, and regroups its forces for its offensive.
Proactive tips:
Planning, Preparing, and Training the Resistance
As the resistance, we can do our part to slow the process! Over 97% of all
breaches could have been avoided.
•	 Take the necessary proactive approach to identifying the shortfalls in your
network and its procedures through IT Security Assessments and thorough
IT Security Audits.
•	 Implement recommendations from the IT Security Assessments or IT
Security Audits, producing a policy to reduce or mitigate IT and operational
risks.
•	 Review all IT hardware and software, scoping the entire infrastructure and
ensuring installation of all patches, firmware, and updates.
•	 Test to ensure the IT Security Plan meets the guidelines established in the IT
Security Audit.
•	 Employ a Unified Threat Management (UTM) System with Global Threat
Intelligence.
•	 Automate a 24/7 monitoring and alert system to notify the correct resource
in the event of a breach to reduce response time.
•	 Educate all staff on the new policies applied regarding all IT security
concerns on all desktops, mobile devices, and application utilization.
•	 Review all processes through Information Technology Review (ITR) meetings
to disclose discovered threats and possible future threats. Adjust policy and
procedure to reflect any adjustments.
Implement these simple steps; communicate and share all information with
your staff! Prepare for the worst, test for a disaster and educate your resources
to reduce or mitigate risk from all vulnerabilities and exploits.
