Data Under Attack: Cybercrime Increases Against the World’s New Natural ResourceOctober 19, 2016
Combating Cybercrime: Preventative Tactics and Early Detection
Like infamous criminals, the names of notorious cyberattacks have become part of the tech industry’s collective consciousness, earning catchy monikers like Stuxnet, Conficker and Operation Shady Rat.
Recently, in the midst of Verizon’s $4.8 billion deal to acquire Yahoo’s core business, it was revealed that at least 500 million user accounts at Yahoo had been breached two years ago, before the two companies began negotiations. Meanwhile, the FBI reports that the amount paid to ransomware criminals has jumped from $25 million in 2015 to $200 million in only the first three months of this year.
And it’s not just Big Retail (Target, Home Depot), Big Banks (JPMorgan Chase, Citigroup) or media (Sony Pictures, Washington Post) that are among the most frequent targets, but hospitals and public school systems too. Last February, the Hollywood Presbyterian Medical Center paid cybercriminals approximately $17,000 after negotiating it down from an original demand of about $3.6 million. As haggling continued over the course of a week with the ransomers, the hospital’s network was offline, causing staff to struggle without access to email and critical patient data. Nearly 1,000 patients had to be sent to other regional hospitals. The same month, South Carolina’s Horry County School District paid $8,500 in Bitcoin to cyberattackers after administrators were locked out of several servers when a ransom computer virus breached its system.
‘Ground Control to Major Tom, You’ve Been Hacked’
Last year, the British insurance company Lloyd’s estimated that cyberattacks cost businesses as much as $400 billion a year, a figure which includes both direct damage and post-attack disruption to standard operations. Other annual estimates put the figure even higher and dire prognostications indicate that this cybercrime wave will not abate anytime soon. Juniper Research predicts that the rapid digitization of enterprise records and consumers’ lives through the Internet of Things (IoT) and wearables will increase the cost of data breaches to $2.1 trillion globally by 2019, an increase to almost four times the estimated cost of breaches in 2015.
The World Economic Forum states that a significant portion of cybercrime goes undetected, particularly industrial espionage where the breach of confidential documents and data is difficult to identify. And if you’ve been following WikiLeaks’ ongoing dissemination of Hillary Clinton presidential campaign chair John Podesta’s emails, which the FBI attributes to bad actors possibly under Vladimir Putin’s influence — to say nothing about China’s troubling reputation for state-sponsored cyberattacks —you realize that no institution is invulnerable. Not even the little guy. According to Microsoft, 20 percent of small to mid-sized businesses have been cybercrime targets.
But if even NASA isn’t safe (proprietary software for the International Space Station was hacked by a 16-year-old back in 1999), who is?
In the words of Ginni Rometty, IBM Corp.’s Chairman, President and CEO, “We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true — even inevitable — then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.”
Enhance Readiness, Accelerate Response and Hire Black Hats
It should come as no surprise that cybersecurity experts are no more forthcoming about how to subvert cyberattacks than your opponent is willing to show you his or her hand during your friendly neighborhood poker game. Most cybersecurity experts will allow, however, that companies need to become more skilled in protecting their assets by understanding the fundamentals of cyber security and use this knowledge to make better choices when purchasing cloud products or applications off-the-shelf, for example.
Additionally, because data is often stored in many different places, firms need to become aware of how their data is managed and secured before a data breach can affect their customers, vendors or partners. In fact, high-profile attacks reveal that malicious hackers often target third-party vendors and supply chain partners as a backdoor into their primary target.
All cybersecurity experts agree that there is a narrow window of opportunity to prevent a security incident from becoming a full-blown organizational breach. An initial compromise does not have to result in the loss or destruction of high-value data. The key to a robust security strategy is to enhance readiness, accelerate response and initiate sustained resilience. Such an approach facilitates early detection, providing security analysts with the opportunity for rapid response and remediation, even during an attack. Tactical components include the ability to leverage signature-based and preventative defenses, reinforced by vigilant monitoring and response capabilities.
A controversial method of buttressing cybersecurity falls under the “If you can’t beat ‘em, hire ‘em” HR approach. Many cyber defense firms, government agencies and even enterprise IT departments are now hiring so-called reformed Black Hat hackers. The term refers to a hacker who, unlike his White Hat brethren, who may have altruistic motives…well, is up to no good.
The logic is sound: Black Hat hackers typically have extensive knowledge about breaking into computer networks and bypassing security protocols. When it comes to network intrusion, they have big game experience playing offense, while the typical IT pro knows only about playing defense.
The hiring organization, mind you, just has to trust that they don’t one day lose the reformed Black Hat to free agency.
Telehouse, through a strategic alliance with Above Security, offers technology expertise and consulting personnel to provide Network Monitoring and Vulnerability Assessments. These services are designed to protect the overall integrity of your critical assets 24/7/365.