As if it didn’t have enough problems already, the City of Baltimore last week suffered a ransomware attack that has many governmental functions still being accomplished with paper and pencil (imagine the frustration of a normal visit to City Hall and multiply it by infinity). All home sales in the city are suspended during the busiest real estate season of the year, and the mayor predicts a “multiweek” restoration process.
A recent 60 Minutes segment profiled a similar attack on Atlanta, with damages that reached $20 million and the loss of eight years of police dash-cam videos. It’s safe to say that if either Atlanta or Baltimore were a for-profit business, they’d be on the bubble for survival at best.
Ironically, when the Baltimore news story broke I was in the office of our cybersecurity expert, and we marveled at the fact that businesses still seem to prioritize physical security: fences, entry systems, video surveillance and so forth. But our assets are increasingly held in digital form, and even though everyone’s heard the horror stories about ransomware and other malware many times over, few are moved to act before they have a big problem of their own.
We need a collective shift to a more proactive stance, and nowhere is this more important than in the cannabis world. Consider these scenarios across the industry:
- In a medical marijuana dispensary, patient information is at stake. That information needs the same critical protection as in a HIPAA environment.
- Every new addition to the Internet of Things (IoT) is another opportunity for hackers, and this puts growers right in the crosshairs. Imagine the results if a bad actor overseas took over an environmental control system or automated grow system.
- Nearly each new day brings news of another merger or buyout as cannabis companies expand and gobble one another up. These are opportunities to gain traction and revenue, yes, but also opportunities for the bad guys to exploit the weaknesses that come with merging disparate IT systems.
A cyber security process worthy of the name requires the right process and standards to be in place, and it requires a corporate culture and attitude that recognize the risks and prioritize the solutions. There’s no “perfect” in cybersecurity – the hackers are always doing their best to catch up – but just as the burglar is likely to skip the house with the Rottweiler in the front yard, the hacker will gravitate to the easier target. Don’t be that target.
We’re blessed to have the Baltimore-Washington area as our home base, because it’s also home to a large number of the world’s leading cybersecurity experts, thanks to all those three-letter government agencies. From the beginning, we at Brytemap have involved those experts in our product development, and in helping our prospects and clients navigate these challenges. It’s never been more important.