Trending

Filed under: News

 

The Year Ahead In Cyber Security: What You Need To Know

Dec 22 2013, 9:41am CST | by

The Year Ahead In Cyber Security: What You Need To Know
Photo Credit: Forbes
 
 
 

2013 was a watershed year for cyber security and digital secret-keeping. Revelations about the way our data is treated once it leaves our browsers and mobile devices, the actions of hacker collectives, the dismantling of the ostensibly bullet-proof Silk Road online marketplace, White Card scams, Megaupload’s reincarnation as Mega…

But what does the average business need to know about keeping others locked out of private affairs or business dealings?

Eric Friedberg – former computer and telecommunications coordinator for the U.S. attorney’s office of New York and co-founder of security consultant, Stroz-Friedberg – says the need for security is not in question, what’s worth thinking about is building your digital barriers in the most efficient manner possible. “For small to medium companies the challenge is normally budget.”

Companies on a budget need to focus on the most sensitive areas and place priority on protecting them. To that end it’s best not to skimp. “We’ve seen many a midsize company come close to extinction because a major attack happens,” says Friedberg. “After the fact they put lots of security in and you can be sure that in retrospect they wished they’d committed the budget that they didn’t think that they had before the attack.”

Small and midsize firms may wonder why hackers and cyberthieves would be interested in breaking into their systems but, according to Friedberg, one company’s money is just as green as the next’s, regardless of size. “If you have a small credit card processing firm, for example, the fact that it only has a million credit cards as opposed to 100 million—hackers are happy with a million credit card numbers.”

So what can you do to protect yourself? The first step, apparently, has nothing to do with security software at all. “We find that before you get to the technological vulnerabilities, the thing that makes companies weak is the lack of a good governance structure,” says Friedberg. “Governance structure meaning owning the cyber security problem at the very top of the organization; making budget and architecture and cultural decisions as a leadership group and then also having the proper balances and controls such as having a CISO (chief information security officer) as an independent voice to assess risks separate from the CTO function.”

Taking those kinds of steps saves a company CTO from feeling pressure to cut costs by downgrading the security system. “They don’t want to air problems that they have for fear of that reflecting badly on them,” said Friedberg. “They don’t commission really vigorous third party ethical hacking and penetration testing. I can’t tell you how many companies we go to where they just go get a cookie-cutter penetration test just to say that they did it and it sheds no light on their real vulnerabilities.”

The philosophy to adopt is one that assumes your company’s digital walls will be compromised at some point. To that end, a firm’s security system should include intruder detection and network segmentation that protects the most valuable data in a more fortified part of the network.

Hacking generally comes in four forms: state sponsored espionage, organized crime for financial gain, the insider threat and politically motivated hacktivists. In 2014, Friedberg does not see state-sponsored actions abating at all. Russian and Eastern European organized crime groups will continue to compromise banking and business security through Trojan Horse penetration programs. “It’s a cat and mouse game and these attackers are very smart, savvy and creative.”

Hacktivism may see a drop due to advances in the effectiveness of law enforcement, but the middle east could see an uptick due to political turbulence in the region. “We’ve seen increased activity every time one of those things flairs up,” says Friedberg. Insider threats are harder to gauge. “If anything it probably increases when the economy constricts because there are more layoffs and more disgruntlement and more destructive activity by insiders.”

Follow me on Twitter @KarstenStrauss 

Recent Cyber Attacks

Source: Forbes

You Might Also Like

Updates

Shopping Deals

 
 
 

<a href="/latest_stories/all/all/31" rel="author">Forbes</a>
Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.

 

 

Comments

blog comments powered by Disqus

Latest stories

Upload Unlimited Images To The Eyefi Cloud Service
Upload Unlimited Images To The Eyefi Cloud Service
These days it hardly seems possible to buy a camera that doesn’t have GPS, Wi-Fi or even a ‘Smile Detection’ mode built in… but do you really need all those extras? And what if you have a camera that is perfectly...
 
 
Time Travel with Google Maps
Time Travel with Google Maps
MOUNTAIN VIEW, Calif. (AP) — Trips down memory lane are now available on Google's digital maps. The new twist on time travel is debuting Wednesday as part of the "Street View" feature in Google's maps, a navigational...
 
 
Teri Polo Files for Chapter 11 Bankruptcy
Teri Polo Files for Chapter 11 Bankruptcy
The actress in Meet the Parents, Teri Polo apparently owes some people a lot of money. She has filed for Chapter 11 bankruptcy and will not be doing much shopping from now on.
 
 
Google Gets Pulled into Apple vs. Samsung Patent Case
Google Gets Pulled into Apple vs. Samsung Patent Case
There are a lot of interesting facts, presentations, and historical detail coming out of the Apple vs. Samsung patent case currently under way. It is also slowly reeling in Google’s flavour of Android into the spotlight...
 
 
 

The Hottest Photos of Victoria's Secret Fashion Show 2013

 

Viral Stories the Web