Businesses in the cannabis space look towards lists like the Fortune 500 as an aspirational goal.
They work with a product that sells as well as any other these industries offer, so why not shoot for the highest validation one can gain?
In theory, this makes sense.
But in practice, many of these cannabis operations still have plenty of obstacles to overcome.
One that’s often ignored is data security.
This is NOT an Unnecessary Cost
According to Peter Warren Singer, author of Cybersecurity and Cyberwar: What Everyone Needs to Know, 97% of all Fortune 500 businesses know they’ve been hacked. The remaining 3% merely don’t.
For that reason, every single mature industry has developed a cybersecurity strategy to manage these brand new data risks.
They simply cannot afford not to.
The 2017 Cost of Data Breach Report, compiled by IBM and the Ponemon Institute estimated the average cost of a data breach at $141 per record and $3.2 million per company.
By the time the clock strikes on 2022, worldwide spending on cybersecurity may reach $1 trillion to keep pace with the growing challenges aimed at global enterprise by several vectors:
- State actors such as North Korea and Russia
- The arrival of unsecured, easily hacked IoT-enabled devices onto global networks
- Explosive growth in the amount and sophistication of professional hackers
- The proliferation of “shadow IT” applications that lull users into a sense of false security, amongst many others
Of course, given the small size of so many cannabis businesses in the US and abroad, there are a lot of business owners that aren’t addressing data security. I suspect most don’t think it affects them since most aren’t running billion-dollar companies.
Moreover, considering compliances costs, the inability to utilize conventional banks, and lack of data security mandates, few probably consider such a thing to be an “unnecessary cost.”
They couldn’t be more wrong.
With Crisis Comes Opportunity
According to a recent Symantech survey, 43% of all cyberattacks targeted businesses with 250 employees or less. Of 43% that are targeted, half of them go bankrupt within six months from the initial breach.
The cannabis industry is maturing rapidly- which means that the true value of a cannabis business doesn’t lie in the quality of its raw materials, but in the IP and the branding and all of the proprietary meta-qualities that its assembled upon its product and processes.
In short, it’s their DATA. And that’s what a cyberattacker wants.
The Insurance Information Institute (III) estimated the average cost of a cyberattack for SMBs at $879,582. As well, the III set the cost of disruption wreaked by a cyberattack at $955,429.
Also worth noting is that in California, it is mandated that all businesses alert their clients of a cyberattack if it passes a certain threshold. Stiff fines are imposed if they don’t.
Just ask Uber, which attempted to cloak a damaging cyberattack by paying the ransom and writing it off as a “bug bounty” payment.
The bottom line is that cannabis companies give their competition an extraordinary gift when they have to alert their customers and clients that their Personal Identifying information was compromised because they couldn’t be bothered to spend the extra cash to protect their assets.
Of course, as with any crisis – and make no mistake, this is a crisis in the making – there’s always an opportunity.
A Very Real Threat
Most savvy business owners understand that they don’t have to handle all of their IT in-house.
The age of cloud computing is upon us, which means business owners can avail themselves of managed IT services that make secure data access to their crown jewels its business.
One of the few that has the capacity and the resolve to handle the data of cannabis accounts is GeekTek IT Services in Los Angeles, which recently unveiled a new encryption program designed specifically for the cannabis industry in the wake of the Cole Memo’s rescission.
According to GeekTek CEO Eric Schlissel, the cannabis industry not only needs to protect its data from malicious hackers, but hostile federal enforcement as well.
Too many cannabis business owners I’ve spoken to believe their data is safe because it’s ‘in the cloud,’ or that there’s ‘security in obscurity.’ Business owners are one improperly configured AWS account or lost iPhone away from having their entire network compromised. And now, with the rise of track-and-trace programs, the very same data that helps keep businesses compliant can and will be used against good actors in a court of law.
I personally do what I do because I want business owners to scale and succeed, and good data policies ensure that they will do so effectively,. Good preventative measures ensure cannabis business owners will overcome these challenges they face in the meantime.
Not every business owner in this space may be prepared to take on the services of a GeekTek, although they should if they’re serious about scaling.
At the very least, they should follow the bare minimum of cybersecurity precautions – 2-step factor verification, backups of all company data and installing the free program Ransomfree amongst them. And they should do this now, because rest assured, 2018 will bring with it even more bad news of data breaches. It’s inevitable.
In an effort to continue the strong growth and legitimization of the cannabis industry, I do hope cannabis business start taking this threat more seriously. Because make no mistake, this is a very real threat, and should be treated as such.
