Think Like the Bad Guys: How CIOs Can Plan for Future Cyberattacks

Think Like the Bad Guys: How CIOs Can Plan for Future Cyberattacks

On a recent vacation, my family and I went to Washington D.C. to visit all the great memorials, museums, and government buildings that represent a lot of the history of this great country. Two of our favorite museums were the Crime Museum and the International Spy Museum.

The International Spy Museum was filled with fascinating artifacts from throughout the history of spying in periods like World War II when Allied spies battled Axis spies for critical war-time advantage or the Cold War when American and Soviet spies battled for information that would provide the upper hand in the nuclear arms race. Interestingly enough, the last exhibit (and presumably one of the newer) was entitled ‘Weapons of Mass Disruption’. This exhibit was less about history and more about the realities of cyber-terrorism and cyber attacks we live with today.

Similarly, the Crime Museum was filled with fascinating artifacts from the age old battle between famous lawmen like Wyatt Earp and notorious criminals like Jesse James or Bonnie and Clyde. Again, the final exhibit was less historical and more about the present, focusing on today’s white collar ‘silent criminals’ or cybercriminals.

These museums not only show us the evolution of crime and terrorism over time but throughout much of history, the matching evolution of counter-crime and counter-terrorism. Why then, does it seem that over the past 10-15 years the art of counter-crime has stagnated while crime has continued to evolve? This is evidenced in the seemingly at-will security breaches we see in the news day after day, such as: Anthem, JP Morgan Chase, eBay, Home Depot, Target, and many more. The thought that my business is too small or the vertical my business is in is not of interest to hackers has also been proven wrong. Breaches have spanned businesses from financial, gaming, insurance, government, healthcare, education, social, retail, entertainment – and the list goes on.

The Reality about Cyber Attacks

In the past, a CIO’s main focus was how many servers do I need, or how big do my servers need to be to ensure that my infrastructure can handle all my consumers transactions or all my consumers data … the advent of high-tech in business shifted the ‘bad guy’ focus from criminals wanting to steal from my company to the new arch-enemy … ‘downtime’. While CIOs focused their technical guru’s attention on combating downtime the criminal mindset continued to evolve. CIOs must now designate equal or greater effort to evolving the way they combat cybercrime and cyberterrorism. On the bright side, there are already some great organizations and products out there like CENTRI’s that are not only geared toward helping combat cybercrime/cyberterrorism but dedicated to evolving to stay ahead.

So, when future exhibits are added to museums like the Crime Museum or the International Spy Museum, how will your organization be represented? Will it be one of the organizations that were victimized by now famous cybercriminal ‘masterminds’ or will it be one of those organizations that thwarted the criminals … and maybe even helped lead to their capture?

Thanks for reading,


About the Author Mike Mackey is the vice president of engineering at CENTRI, responsible for the continued development of the company’s data securit