August 2020 Update
With the advent of a “small global pandemic” – and the near universal move to “Work From Home” environments- the impact of Cyber Security threats has dramatically increased. Think “Cyber” was a risk to value previously? A trend we’ve seen is that not only has the pace of due diligence slowed as buyers become more cautious, but the amount of time and scrutiny put into cyber security and IT posture has definitely increased. – Dan Doran / August 2020
Cyber Threats are an Impact to Enterprise Value
As we kick off a new year we’ve been thinking about emerging trends in 2020 and one area that seems to be increasing at a meteoric rate is cyber risk. As valuation experts we spend much of our time thinking about risk and assessing its impact on enterprise value. Risk comes in many flavors – the usual suspects for SMB’s include customer concentration risks, key person reliance, etc – but the topic that we are thinking about increasingly is the cyber security risk.
We’ve collectively gone from thinking about “hackers” as bored high schoolers drinking Red Bulls in their parents basement to more sophisticated and organized efforts. Who can forget the Capital One Cyber Incident back in 2019? This cyber breach affected 100 million individuals in the United States, compromising Social Security numbers, linked bank account numbers and information from credit card applications. What is really alarming is the number of state and state-sponsored actors on the scene. The most recent “high conflict” dustup between the U.S. and Iran is in fact more likely to play out not on a traditional battlefield but in data centers and databases around the world.
The cyber security landscape is ever-changing. It is becoming exceedingly imperative for business owners to keep the importance of cybersecurity at top of mind in order to protect their assets they’ve worked so hard to build.
What You Should Be Thinking
So why should a business owner, even who isn’t in the IT space, care about cybersecurity?
Simple: it’s important to safeguard your systems and data in any business. In doing this, you’re not only safeguarding everything you’ve worked for, but you’re safeguarding the value of your business.
To do this, you need to have a battle drill in place. Take Daniel Chew’s advice:
“The first couple of steps is that you want to be able to identify where the problem originated from. Typically, you’ll want to look at your logs, systems and reports that your own internal systems are generating so that you can pinpoint where the problem started. That’s usually step number one.”
“Step two, you want to ensure that you’re preserving the data. This is because if you bring in a forensic specialist, you want to ensure that you haven’t tampered with the data in any way. As they’re going through their investigations, if you’ve tampered with the evidence, that might lead them to the wrong conclusion, and you may never end up catching the bad guy.”
The cybersecurity landscape continues to grow in threat numbers by the minute. With the recent conflict with Iran, U.S. government officials are warning that the new phase of hostilities will begin to shift into cyberspace.
Cybersecurity experts are already seeing malicious activity from pro-Iranian forces and are warning that they have complete capability to do real damage to American computer systems.
“The public should be prepared for worse, Christopher C. Krebs, the director of the Cybersecurity and Infrastructure Security Agency, said in an interview. Iran has the ability to not only access private-sector and government computers in the United States, but to ‘burn down the system’.”
As of right now, most of the activity thus far has been limited to anti-Trump threats on social media. However, this could very well be the calm before the storm.
Resources for Owners and Executives
Luckily, we got to discuss some of the main takeaways from this breach with Daniel Chew of CrossCountry Consulting on our podcast “The Deal – Unscripted” shortly after the Capital One cybersecurity breach.
“Threats today come at all angles for an organization. The most typical ones that we see are phishing attacks– and then insider threats is another big one.” Chew stated when asked about the most common attacks he has seen in his experience in the cybersecurity space.
Understanding the recent jump in cybersecurity threats is one thing but knowing the costs and what your battle drill should be when your cybersecurity is in jeopardy should be top priority for a business owner. Check out the rest of Dan Doran and Daniel Chew’s discussion on the cybersecurity considerations you should be thinking about.
Interested in learning more about the threats of today’s cybersecurity from industry experts? The Reston Business Advisory Council is hosting a presentation and Q&A discussion for business owners on “Cyber Threats to Your Business” on February 26th. Click here to find out more!