Unfortunately, and out of necessity, organizations have accepted cyber risk as a cost of doing business. For years, business executives have repeated the mantra “it’s a matter of when, not if” in reference to cyber-attacks. But the range of motivations for cyber disruption has evolved and geopolitics has become an increasingly more important part of the risk equation.
Some of the most high-profile attacks over the last several years have been financially motivated, as evidenced by the surge in ransomware events. Others, however, have been the handiwork of sometimes teenaged hacktivists looking to prove their technical skills, as was seen in the 2022 Tesla, Samsung and Microsoft breaches. CISOs and cybersecurity executives have been keenly aware of and attuned to monitoring for these types of threats, which are largely random in nature. Bad actors are constantly scanning global networks in search of vulnerabilities, regardless of the company, sector or executives. Many threat actors also do their homework, honing in on companies that are perceived to be a “rich” target, meaning they appear to have the revenue and thus the motivation to make a ransom payment if the…
