Hacker threat represents growing strategic risk for companies

Alissa Abdullah, deputy chief security officer at Mastercard, speaks at Fortune's Most Powerful Women Summit in Laguna Niguel, Calif. on October 11, 2022.
Stuart Isett for Fortune

The pandemic virtually doubled Internet usage overnight in the U.S. and across the world. And the launch of the hybrid workplace hasn’t slowed things down at all.

In fact, usage is up another 30% this year, said Michelle Zatlyn, cofounder, president, and COO of Cloudflare, while speaking at Fortune’s Most Powerful Women Summit in Laguna Niguel, Calif. this week.

The problem is: just as workers and people at home are using the Internet more, so are hackers.

DDoS attacks, which are designed to take down websites, were up 111% year-over-year in the third quarter of 2022. Other hacker attacks are on the rise as well. And any company that says it has completely shielded itself from those bad actors is lying.

“There is no winning. There is no losing. The battle is always going,” said Dr. Alissa Abdullah, deputy chief security officer at Mastercard. “When we think we’re winning, the adversaries are sharpening their knives and putting more bullets in their guns.”

The threat of digital intruders is higher than ever these days after Russia’s invasion of Ukraine. Recently, hackers tried to impact the operations of nine airports in the U.S., Abdullah noted. And while they failed this time, it doesn’t mean the attack is over.

“There hasn’t been a big bang, but the probes have increased,” Zatlyn said. “Everyone needs to be on a heightened security alert.”

Making matters worse? Most companies are hamstringing themselves by not taking advantage of diversity in their workforce. Some 25% of workers in IT and other tech jobs are women. Just 4% are Asian, and only 9% are Black.

“Most of the [hacker] traffic is not generated by humans—it’s generated by machines,” said Elena Kvochko, chief trust officer at SAP. “We’re seeing more and more automation. For us to even be on equal footing, we have to think how we can match that scale. We are unnecessarily crippling ourselves in terms of the cyber workforce.”

“The adversary is not going to university to figure out cybersecurity,” Abdullah added. “They’re saying come one, come all, we’ve got the information on the dark web.”

The new breed of hackers is targeting basically every employee, using every trick up their sleeves to convince workers to hand over their credentials. And they’re remarkably effective, as they have found ways to wear down workers or utilize familiar technology, so it’s largely impossible for workers to tell they’re on a phishing site.

“Assume something is happening,” said Lisa Edwards, president and chief operating officer at Diligent. “Nobody has a crystal ball, but all of us can say from a readiness perspective, ‘Do we know what our plan is [in case of an attack]?’”

So what can companies and boards do? One step is to hear directly from the chief security officer, rather than a filtered version of their thoughts. And if you hear of another industry being attacked because of, say, an open port, head straight down to your IT department and ensure that port is closed at your company, so hackers can’t reuse their attack methods on you.

And, more than anything else, said the panelists, it’s critical to realize that this is more than just a computer security concern. It’s something that affects every aspect of the company.

“If you believe this is an IT issue, your company has a problem,” said Edwards. “This is an enterprise problem.”
