The Digital World Punishes the Passive™

The Digital World Punishes the Passive™

by Jay Harmon

If this conjures up images of prides of hungry Lions and exhausted Gazelle on the plains of Africa, then maybe we are getting your attention.

Passivity in the digital world produces predictable outcomes: Ransomware, Business Email Compromise, Intellectual property theft. There are threats lurking in the halls of our institutions seeking out the vulnerable, weak, and unprepared to take advantage of them.

On the one hand, so be it. The vacuum arising from their failure might be filled by a more capable organization. In the meantime, the loss of critical services (power, phone, water, internet), a ransomware attacks that force patients to be untreated or sent elsewhere by shutting down a hospital, or a 911 call that cannot make it through due to an outage will most likely create chaos.

This is critical infrastructure. And we all depend on critical infrastructure – this is why it’s deemed critical. But we forget how dependent we are on it!

We depend on the legacy, family owned, mom and pop providers, as well as the mid-sized corporations and the global behemoths to keep us connected. We are all in this together and we need our small providers as well as the largest to be secure so we can count on the service they provide.

So, why all of this and why now?

How many of you in the telecommunications industry feel you are on the radar of the Peoples Republic of China Military? How about the MSP that supports you? For some of you, this kind of threat has never crossed your mind. And it is evident by the approach to information/cybersecurity I see many under taking.

The threat is not in your face. It is silent and stealthy, and the IT team and MSP tell you they have everything covered.

They might, but are you sure? To make you less certain, read the selection below.

Excerpt from the U.S. Department of Defense

2023 Report on the Military and Security Developments Involving the Peoples Republic of China (CMPR):

PRC CYBER-ENABLED ESPIONAGE ACTIVITIES The PRC presents a sophisticated, persistent cyber-enabled espionage and attack threat to military and critical infrastructure systems through its efforts to develop, acquire, or gain access to information and advanced technologies.

OFFICE OF THE SECRETARY OF DEFENSE Annual Report to Congress: Military and Security Developments Involving the People’s Republic of China Detected PRC cyberspace operations have targeted telecommunications firms, managed service providers (MSPs), and software developers. Key U.S. targets include proprietary commercial and military technology companies and research institutions associated with defense, energy, and other sectors.

As an industry we know we may be up against serious threat actors that are betting on the fact that we will take the path of least resistance, that we want the easy button to work here.

Let’s choose not to be weak. Be diligent. Be vigilant.