- John Michael Gross
Companies across the globe have been fighting cyber-attacks for years, but the sophistication, frequency and intensity of attacks are increasing.
Due to the skill level required to execute attacks, these attacks were previously focused on larger organizations as they represented the deep pockets necessary to finance a return. As the tools have become more ubiquitous, however, the targets have trended heavily toward small to midsize companies of fewer than 1,000 employees and $1B in revenue—where many environmental services companies live.
In this blog post, I’ll outline the current cybersecurity issues that you need to understand, how they can impact you, and what you can do as an environmental consultant or company leader to mitigate your organization’s risk.
There are many reasons why the environmental services industry is vulnerable to cyber attacks, but there are a few key issues.
There are a multitude of ways cyber criminals operate, but there are probably a few efforts you’ll recognize, such as:
The reality is that hackers are showing much more sophistication: they do not simply execute the above, but leverage it toward more complex, long-lived end goals. They monitor and learn your behavior in order to send false invoices to your AP department, submit false direct deposit or bank change requests to your finance department, or even attack your partners with false bank change information to siphon off your receivables.
In the next few years, every environmental services company and their partners will become victims of these attacks at some level. The question is: what will they do today to either minimize or mitigate the challenges these attacks will impose?
As the Chief Information Officer at Cascade, I want to offer an overview of what my team is doing—so you know how we’re keeping our (and your) data safe, but also to provide a possible roadmap for your own organization.
At Cascade, our layered approach to protecting our company and our partners falls into four general areas:
Our employees’ identities (logins) are the edge of network security and must be protected at all costs. The two easiest ways to build a strong identity program are to implement multi-factor authentication (MFA) and to minimize the number of identities through single sign-on (SSO).
MFA is the single most straightforward way for you to protect the security of your organization. If you do not currently have this implemented, do so immediately.
Beyond that, we only allow systems that require MFA as part of our software architecture, and we monitor the behavior of those identities heuristically through SSO at both a behavioral and geographic level.
Like most companies today, we employ a number of endpoint tools like firewalls and anti-virus/anti-malware tools. It would be fair to say this is where cybersecurity ended for most companies just a few years ago. But as the threat vector has morphed, additional strategies need to be employed that focus on behavior and assumed breach, which leads us to other critical layers of protection.
The two areas above will provide a great shield, but using the same mindset, we further employ proactive tools that monitor application and network behavior for aberrations and automatically respond to anomalies through both artificial intelligence and human research to ensure the integrity of the identities and behavior.
Layered on top of the identity protection, we assume that every connection request is not to be trusted and is therefore subject to validation by the various layers that we employ. Too often, systems are designed around the convenience of access, not the optimization of security. By building a profile of our employees’ connection behavior, we can challenge abnormal device, location and application behavior at a core level as employees’ identities access systems.
I hope this high-level review of our strategy will help your company start its own journey to cybersecurity strength. The Cascade Information Services team is always willing to share our knowledge with you and partner to fight back against this increasingly sophisticated problem.
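As an added illustration of the profile-and-challenge idea described above (this is not Cascade's code or tooling), the Python sketch below builds a per-identity baseline of devices, countries and applications and validates every new connection request against it. The sample events, field names, decision labels and thresholds are all assumptions made for the example.

```python
from collections import defaultdict

FIELDS = ("device", "country", "app")

# Constructed sign-in history for illustration (not real data).
HISTORY = [
    {"user": "asmith", "device": "laptop-01", "country": "US", "app": "email"},
    {"user": "asmith", "device": "phone-07", "country": "US", "app": "timesheets"},
    {"user": "bjones", "device": "laptop-02", "country": "CA", "app": "email"},
]


def build_profiles(history):
    """Record which devices, countries and apps each identity has used before."""
    profiles = defaultdict(lambda: {f: set() for f in FIELDS})
    for event in history:
        for field in FIELDS:
            profiles[event["user"]][field].add(event[field])
    return dict(profiles)


def evaluate(profiles, request):
    """Validate one connection request; nothing is trusted by default.

    Returns (decision, reasons). The thresholds are assumptions: one
    deviation -> step-up challenge, two or more -> hold for human review.
    """
    profile = profiles.get(request["user"])
    if profile is None:
        return "challenge", ["no baseline for this identity"]
    reasons = [f"unfamiliar {f}: {request[f]}" for f in FIELDS
               if request[f] not in profile[f]]
    if not reasons:
        return "allow", reasons
    if len(reasons) == 1:
        return "challenge", reasons
    return "review", reasons


def learn(profiles, request):
    """After a challenge succeeds, fold the request into the baseline."""
    entry = profiles.setdefault(request["user"], {f: set() for f in FIELDS})
    for field in FIELDS:
        entry[field].add(request[field])


if __name__ == "__main__":
    profiles = build_profiles(HISTORY)
    new_tablet = {"user": "asmith", "device": "tablet-99", "country": "US", "app": "email"}
    print(evaluate(profiles, new_tablet))
```

Because each field is checked independently, a request that combines a known device with a known country in a new pairing still passes; production tools typically score combinations and timing as well.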
John Michael Gross
Chief Information Officer
John Michael Gross was appointed Cascade’s Chief Information Officer in 2017. He specializes in strategically realigning technology needs around core business processes and goals.
His diverse record of success across organizations ranging in size from startups to enterprises, as well as building and managing engineering, product, sales, and operations teams, gives him the background and experience to maximize the value of technology in a variety of areas.