A Cyber Call To Arms

Stroz Friedberg is a specialized risk management firm built to help clients solve the complex challenges prevalent in today’s digital, connected, and regulated business world

You may believe that the FBI, the NCA, and Europol should be doing more to protect their respective citizens. Or you may believe they’ve already overstepped their authority, depending on your political point of view. But one thing you know for sure – with certainty – is that your cyber adversaries are winning the ground war and we need to find a better path forward. If the last two years taught corporate leaders anything, it’s that there are cyber criminals who are well-resourced and highly motivated to attack information networks: criminals, organized crime-rings, nation states, ideologues, disgruntled employees. So here’s my question: Shouldn’t you be pursuing them before they strike instead of waiting for the other shoe to drop? Hunting them down, every day?

Look at this Ponemon Institute study to see what happens when companies don’t proactively hunt for cyber breaches. Get ready. If you’re like me, it may feel like a gut-punch when you read it. For example, 46% of companies surveyed found out by accident that they’d been breached! Only 10% discovered their breach through proactive use of forensic methods and tools; about a quarter (23%) were notified by third parties, such as business partners, law enforcement agencies or even worse, customer complaints. What’s more, over half (53%) of the companies in the Ponemon research discovered the breach more than a year after it occurred (33%) or had no clue how long their enemies had free reign in their corporate networks (20%).

Call me a hawk: I believe companies should be on the cyber hunt – every day. It’s time to stop waiting to be victimized.

We know there’s been a clear shift. The issue now isn’t if your organization will face a cyber breach, it’s when (a refrain that is invoked far too often and is, frankly, irritating now, but there it is, I said it). Our cyber resilience team knows from experience that the battle is “won” not exclusively through prevention, which has become virtually impossible, but early detection. If an attacker is in your network three days instead of three months, you’ve won a battle and mitigated your damages significantly.

So please, whether you hire and train your own cyber forensics experts, or hire an outside expert, go on the hunt. Identify and thwart bad actors in your network before they have the chance to do serious harm to your company, your employees, and your customers.


Our lawyers don’t want to miss out on the fun and would like you to know that all of the posts are the opinions of the individual authors and don’t necessarily reflect the opinions or positions of Stroz Friedberg. The ideas and strategies discussed herein may not be appropriate for any one reader’s situation and are not meant to be construed as advice.

Risk Areas: Cyber

I am: In the C-Suite or a Director

Tags: forensics, cyber breach, cyber criminals



Commentary, new discoveries, and innovative ideas right to your inbox.

Stroz Friedberg

Sorry! You are using an older browser which is not supported by this website.

Please download one of these free browsers to enjoy all our website has to offer:
Firefox, Chrome or Internet Explorer.