How to Fortify Your Cyber Strategy in the Wake of the T-Mobile Hack

We are one month into 2023, and another major cyberattack has occurred. This time 37 million T-Mobile customers were impacted by a “bad actor” who gained access to personal data, including names, addresses, emails, phone numbers, and more. The hack occurred in November, and T-Mobile hired an external cybersecurity team to investigate. The company now believes the hack is “fully contained.” 

The true financial and personal impact of this hack is unknown, but it’s never been more critical to discuss cybersecurity’s future. That’s because this incident comes on the heels of what many would call a turbulent year. 2022 was not only dominated by headlines of an economic recession and geopolitical tensions – there was also an ongoing stream of reports of cyber issues. The year started with shocking data just days after Russia invaded Ukraine in February that there had already been a 196% increase in cyberattacks on Ukraine’s government-military sector. From there, we saw an alarming number of breaches against U.S.-based enterprises, including Twitter, Fast Company, DoorDash, and more, not to mention international organizations. 

As a result, the global average cost of a data breach grew from USD $3.86 million in 2020, to $4.24 million in 2021, to an all-time high of $4.35 million in 2022. In 2023, the global annual cost of cybercrime as a whole could top $8 trillion, potentially reaching a whopping $10.5 trillion by 2025.

Cybersecurity quickly moved up to be in the top three priority items on the list in corporate board rooms in recent years. In 2023, it quickly needs to move to the top of the list. Executives agree, with two-thirds considering cybercrime the most significant threat in the coming year. And rightfully so, with another major trend in cybersecurity being increased regulation around reporting and data privacy, with the Federal Trade Commission, Food and Drug Administration, Department of Transportation, Department of Energy, and Cybersecurity and Infrastructure Security Agency all working on new rules starting in the middle of 2022. 

However, ensuring an enterprise is as secure as possible is easier said than done. Cybersecurity has gotten more complicated in recent years (a serious understatement). Enterprises have made strides in investing in technology, digitization, and innovation; at the same time, cybercriminals have been doing the same. IoT, cloud computing, and more have brought business efficiencies and processes into the next era, while also inadvertently exposing even larger attack surfaces and helping to facilitate increasingly sophisticated attacks. This will only continue as we usher in Web 3.0, AI, metaverse, and other new, exciting technologies that come with their unique unknown implications – quantum computing, for example, has already proved to have the potential to break security encryption keys, posing a significant challenge. 

Organizations need to take a more holistic approach to cybersecurity, protecting every aspect of the attack journey, from identification to prevention, to recovery. Here’s a guide for how to do exactly that:

1. C-suite leaders – yes, even the CEO – need to ask themselves: Am I aware of my company’s cybersecurity posture? Do I know how I’m positioned versus my industry peers? Am I aware of where investments will keep the company secure – and how are we preparing for what comes next as the bad guys continue to get smarter? This is no longer something to hand off to the CISO or IT teams and forget – if a breach occurs, top leadership needs to move in lockstep, in real-time, to curb the impact. With automation, companies can more quickly and cost-effectively identify the actual cybersecurity risk, sometimes reducing exposure time from 50 days to as little as three days, resulting in $82 million in potential savings. 
2. With a better view of where the most significant risks lie, investments can be made into appropriate solutions to prevent attacks from occurring. Consider a government agency, where employees have historically been asked not to bring their smartphones into the office. Tracking and listening can occur outside the physical office, which becomes especially important as hybrid work models continue to be prevalent across industries. Hardware in the form of an exocomputer can protect smart devices at all times – not just while people are in the office – from audio and video capture, location tracking, and remote wireless attacks. Another example is how voice can be used to prevent fraud in customer service and beyond. Our voices are as unique as our fingerprints, and companies need to harness that fact. AI can be deployed to not only get a caller to the appropriate call center rep – it can authenticate their actual voice, even with the ability to catch deep-fakes, which helped an up-and-coming player in the voice prevention field catch $2 billion in attempted fraud across 5.3 billion calls. 
3. All that said, companies need to be prepared if a breach occurs. While most hope to avoid this by focusing on identification and prevention, efficient and fast recovery is the final puzzle piece. With a single, centralized platform to secure data across the enterprise, in the cloud, and in SaaS applications, teams can more easily recover from attacks like ransomware, restoring servers and data sometimes in a matter of hours. There are also solutions out there now that stimulate hypothetical cyberattack events, allowing teams to test the sequence, timing, and potential weak points of their recovery strategy. 

The innovation needed in this new era of heightened cyber threats will be driven by startups, which historically can move with tremendous speed, positioning them well to keep up and stay ahead of bad actors. Enterprises should consider empowered partnerships with these innovators to build a security architecture that supports the other strides they have made recently in new technologies and next-generation solutions. 

As we continue to see more companies report layoffs, especially in tech, and pull back on spending in response to the uncertain economic climate, cybersecurity must remain at the top of the investment list in 2023. What’s more, investments in cybersecurity cannot one-and-done – there are so many aspects to staying secure that a holistic approach with investments across the board are vital. After this month’s T-Mobile hack, cybersecurity is more important than ever before. The time to ensure your company is completely covered is truly now or never.