IT Security: The immediate threat of cybercrime

In the last couple years we have once again seen how truly vulnerable a lot of our digital architecture really is. Despite these reminders, though, a large number of companies still admit that they are not prepared to handle some kind of security breach, and many are even unaware that their system has been compromised or to what extent it has been damaged.

Even the president of the United States has gone on record to say that the “cyber threat is one of the most serious economic and national security challenges we face as a nation” and that “America’s economic prosperity in the 21st century will depend on cybersecurity.”

Because of these concerns, the Securities and Exchange Commission issued new guidelines that address what a company must do (and report) in the case of significant cyber thefts/attacks as well as when there is even a risk of it happening. Unfortunately, too many companies have yet to reach complete compliance with these regulations, and they remain open to a range of threats.

Recent major security breaches

In September of 2012, the Bank of America, Wells Fargo, US Bank, J.P. Morgan Chase and others were hit by a denial of service attack (by a group with suspected ties to Iran), which has been called the biggest cyber attack in history. The result was that many of these banks’ websites were inaccessible for more than a day. While none of them appear to have lost customer data or had their accounts compromised, it still highlights the fact that even the largest companies remain vulnerable to certain kinds of attacks.

A few weeks before these attacks, the social network LinkedIn was breached and around six million passwords were stolen. Before that, the Hong Kong Stock Exchange was hit by a denial of service attack in 2011 that forced the suspension of trading on some major equities.

One of the most famous security failures, though, came back in 2007, when TJ Maxx was targeted by hackers who ended up stealing personal information for over 45 million customers. This was, perhaps, one of the most cautionary tales for other businesses, because estimates put the cost of repairing the damage at around $200 million.

Improving our cyber resilience

Preparing to handle all the possible cyber threats can seem like a daunting project. The digital infrastructure needs to be built on a solid foundation, and our ability to defend against new and evolving attacks must be improved. Also, we have to plan for recovery, because whether or not the threat is from malicious activity, natural disaster, or a simple accident, downtime can be financially disruptive in many ways.

There are some best practices associated with building your cyber security that can help you avoid some of the most common threats.

  1. Change the focus from putting out fires to removing or protecting all the inflammable stuff before it has a chance to ignite. In other words, develop a plan for preventative rather than corrective procedures.
  2. Create a formal protection strategy and set your metrics to determine whether or not it is effective. This strategy should include regular testing of your protection solutions.
  3. Set policies for detecting and preventing end users from using information and digital assets improperly.
  4. Centralize the management of security systems and set rules for reporting, monitoring, and administering the network.
  5. Set user privileges so that access is restricted to those who have an actual need.

Even when you implement many of these practices, there is still the question of whether or not the types of attacks are evolving and developing faster than the countermeasures.

Understanding the threat

Modern companies need to actively gather intelligence to understand the digital threats that face them every day. The source of these threats could be a “lone gunman” working from the basement, a corporate or government sponsored infiltrator, or just a network of people (“hacktivists”) that want to use your company to make a point. Companies are also facing a range of advanced persistent threats that can remain dormant on a system for days or weeks before causing problems.

It’s important to know what these threats really mean for your business, because only then can you formulate a plan and strategy to protect your company and its information, and decide how you will start the recovery process if the unthinkable happens.

Andreas Voss

Dell Contributor at Tech Page One
Andreas has written content on technology and programming for several years. He is currently running a community on enterprise IT security and also part of the content ops team for Dell.com.
Tags: IT Security, Technology
  • Dorian Flavios

    I hope Dell is practicing what you’re preaching, but I guess we’ll find out in a SEC filing next time you’re breached and decide to disclose it.

    Why give bogus advice? The President issued EO 13,636 this year and NIST is developing the US Cybersecurity Framework?

    Your customers need to follow that or some other established security industry standard framework like ISO 27001, COBIT, or NIST 800-53.

    How about Dell follow the Cloud Security Alliance guidance for all of the SaaS companies that you acquired?