The North American Electic Reliability Corporation (NERC) is an international regulatory organization that works to reduce risks to power grid infrastructure. They do this through the continual development of a set of regulatory standards in addition to education, training, and certifications for industry personnel.

Every business leader understands that, when it comes to cybersecurity, the stakes are extraordinarily high. CEOs tend to take notice when they read headlines about yet another big-name company being victimized by a massive data breach or about industry forecasts suggesting that the annual cost of crime losses and damage will hit $6 trillion by 2021. However, does that mean top business leaders have meticulously prepared their organizations for a virtual worst-case scenario? The short answer: No.

The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze and evaluate cyber risks before they evolve into full-fledged security incidents. When it comes to cyber risk mitigation, the terms “patch management” and “vulnerability management” are used as if they are interchangeable.

Many organizations are still struggling to fill out their digital security workforces. This task isn’t getting any easier with time, either. In a Tripwire-commissioned survey of 336 IT security professionals, four-fifths of respondents told Dimensional Research that they feel it’s gotten more difficult to hire skilled personnel since 2017.

Binance, one of the world’s largest cryptocurrency exchanges, has revealed that it is being blackmailed to the tune of 300 Bitcoin (approximately US $3.5 million) by someone who is threatening to release some 10,000 sensitive photographs of its customers. And in an attempt to identify its blackmailer, Binance has put a 25 Bitcoin (approximately US $290,000) bounty on their head.

The recent Tripwire blog ‘7 Habits of highly effective Vulnerability Management’ by Tim Erlin was a great read with some sage advice on the always relevant security topic of VM. I noticed, however, that although the seven points themselves were all Tim’s own, the title snappily paraphrased Steven Covey’s classic management book. This made me think.

About a decade ago, organizations were hesitant to adopt cloud solutions, with many citing security concerns. Fast forward to 2019, and 81% of organizations have a multi-cloud strategy, spurred on by the desire for increased flexibility, usage-based spending and desire to respond to market opportunity with greater agility.

Cybersecurity breaches and regulatory compliance are this year’s themes. Marriott was sued and fined $124 million for their data breach back in 2014, according to The Wall Street Journal. Capital One leaked 100 million credit applications including Social Security Numbers. Both LabCorp and Quest Diagnostics exposed millions of patients’ medical records.

When malware sneaks inside your network, it needs to communicate back to the internet whether to exfiltrate sensitive datasets it found, accept commands of its evil masters or even simply let them know it has successfully infiltrated your infrastructure (with ransomware being one of the rare exceptions that doesn’t need such connection).

Cybersecurity and cyber security awareness are critical to business survival in an era dominated by growing virtual crime. It might be true that most people know about costly identity theft and reputation-destroying network hacks. Organizations spend millions every year trying to defend themselves against cybercrime, but still, attacks seem to be more and more successful.