2021 was a record year for cybersecurity. From SolarWinds, which the President of Microsoft called “the largest cyberattack ever,” to Colonial Pipeline and the log4j vulnerability – it seemed like there was a new headline every week. Our Top Conversations in Tech reflected that, with cybersecurity staying in the top 10 for almost the entire year.
So, what do we expect in 2022?
Not just more of the same – but more threats, headlines and attacks if we continue to ignore the warning signs that are flashing all around us. We are only 20 days into the new year and already there was a massive attack against Ukrainian government websites which experts believe is part of Russia’s wider effort to undermine Ukraine’s sovereignty. Further, according to Symantec Threat Intelligence, it is believed that hackers were already in Ukraine’s systems for months prior to deploying their wiper malware. This modern warfare tactic is just a preview of what could happen to the U.S. if we don’t heed the warning signs.
Just this past week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published new guidance aimed at all U.S. organizations, urging them to shore up defenses now in response to the Ukrainian wiper attack. This was the latest in a series of warnings from the agency, including one just prior to the attack aimed at U.S. critical infrastructure operators.
This doesn’t mean that the U.S. has been complacent in the face of potential cyber-attacks. Last May, President Biden signed an executive order that removed roadblocks so private sector companies can more easily share information with the government. Furthermore, Biden signed a memo earlier this month that requires federal agencies to adopt key cybersecurity practices. Despite these aggressive tactics, there’s more the government – and individuals – can do to protect digital assets.
In a recent study, Harvard Business Review found that many cybersecurity policy violations are driven by stress, not a desire to do harm. These small yet damaging violations can be avoided through small changes such as patching, strong passwords, and firewalls. Additionally, companies should provide cybersecurity training for employees to bolster internal defenses.
What this means for Media Professionals
For those who speak to the media regularly, you also have a role to play:
- Take the time to proactively work with your experts and hone your message. Know what you can offer and what value they can add to the larger conversation.
- Understand the role your organization plays within the larger cybersecurity industry.
- Stay on top of the latest cybersecurity developments, so you know when to offer up information and expertise. While breaking news can happen frequently, especially in cybersecurity, it’s important to not just jump on every opportunity. Understanding when to offer insights, and when not to can be critical to success.