Tuesday, October 28, 2014

China’s Cyberespionage against the U.S. Is Just the Opening Gambit

By Jim McFarlin

The world is becoming increasingly hostile. The evidence is mounting: struggles with ISIS in the Middle East; Russia’s adventurism in Ukraine and the California coast; Iran’s nuclear bomb; and China’s aggression in the South China Sea, not to mention her new boomer subs.

Of these, China’s aggression is perhaps the most subtle -- and most concerning.

Thursday, October 2, 2014

Jihadists to America: Cyberattacks Are Coming

By James McFarlin

The 9/11 Commission’s authors placed primary blame for the success of the attacks on “a failure of imagination.” America’s intelligence agencies, with all of their resources, did not awaken to the gravity of such a threat to our nation until it was too late. The authors recently reprised this conclusion in an updated 9/11 Report assessment with a fresh warning:

“We must not repeat this mistake in the cyber realm.”

But if we do not wake up – and quickly – to the very real threat of 9/11-class cyberattacks against the United States, we may soon find ourselves reliving the nightmare of 9/11 all over again.

Tuesday, September 16, 2014

The Hidden Insurgency Imperiling America’s Cyber Security

By James McFarlin

As the world’s most advanced digital society, America possesses the world’s most vulnerable digital economy. Cyberattacks - many well known by now - keep invading our financial, retail and other sectors with no end in sight.

Trouble started to heat up when the credit card information of 40 million customers was lost during a cyberattack on retailer Target last December. Attacks quickly followed on Neiman Marcus and others, including the biggest data breach in Internet history against ecommerce giant eBay.

Most recently, retailer Home Depot reported a breach of its security systems in more than 2,200 U.S. and Canadian stores, as did banker JPMorgan Chase.

According to official data, the number of companies reporting cyber security breaches has more than doubled in the past two years to 1,174. No organization appears to be safe from cyberattack and theft.

America is in the midst of a digital crime wave that shows every indication of continuing at increased levels. That much is adequately reported by the news media – what’s not, though, are the harsh realities of these attacks:

  • Most organizations do not even realize they are being attacked, and many cyberattacks go undiscovered for months. The 2012 NASDAQ hack had been going on for two years. Reports indicate that more than 70 percent of companies being breached only become aware after being notified by an outside organization.
  • It is increasingly accepted that cyberattacks against corporate networks cannot be stopped, and the best that can be done is to limit the losses once the intrusion is identified.
  • Despite the fact that the information being stolen is theirs, customers are typically the last to know of a hack against a commercial organization. Crucial time is lost for those who might want to protect themselves by changing passwords, monitoring transactions or other means.

In a recent industry study of U.S. businesses, one-third of respondents indicated that they maintain no continuous monitoring of their networks against intrusions. What's more, 22 percent indicated they do no monitoring at all. The results? In the recent Home Depot customer credit card theft (estimated to be 60 million accounts), five months passed before the breach was noticed – and this is one of the five largest retailers in America.

No wonder class-action lawsuits are already being filed against Home Depot for negligence.

With the move to new payment systems such as Apple Pay and the Apple Watch, business opportunities are created but raise questions about data protections. Will security be there?

And who pays for the costs of these escalating attacks and the harsh realities they expose? Except for the occasional CEO departure (think Target) and revolving door losses of Chief Information Security Officers, it is the consumer who pays. To assume the costs for attack recovery, damages, lost information, legal expenses, new equipment and hosts of other costs comes out of the retailers’ or bankers’ hides is nothing but naive at its highest level.

The consistent theme in these attacks and trends? American industry has been quick to embrace the benefits of using the Internet as platform for running their businesses but have not deployed an appropriate sense of urgency in making its use secure. The forces of disbelief, denial and delayed action on cyber defenses pervade all too many organizations, and we are seeing the result.

We haven’t just met the insurgents. We are the insurgents.

("Firewall Antivirus Antispyware Post" by Stuart Miles/FreeDigitalPhotos.net)

Saturday, August 30, 2014

The Second Internet Era is Here and it's Not Pretty

By James McFarlin

The world has turned. Corporate boards everywhere are suddenly demanding top-priority attention be given to the now-soaring business risks from cyberattacks. Over the past few months – virtually overnight in today’s era of instant everything – the rules and risks of living in today’s digital-powered environment have changed forever.

I forewarned of this looming eventuality in my September 7th, 2013 post, “Will 2013 be the Year Cybersecurity Crashes the Party in the Boardroom?

Less than a year later, predictions have become reality.

Wednesday, August 6, 2014

When Will U.S. Cyber Alarms Match Its Cyber Threats?

by James McFarlin

Former Secretary of State Madeline Albright recently stated “the world is a mess.” And indeed it is. From Russia’s stoking of a war of insurrection in the Ukraine to the Israel-Hamas war to conflicts in Syria, Iraq and throughout much of the Middle East and North Africa, large swaths of the world are at war.

But it is instructive to place such events in perspective. In spite of the significant dangers they pose, these conflicts offer but a prelude to even the greater threat to America’s national security which emanate from the increasing worldwide proliferation of cyber weapons.

Why? Because these conflicts, no matter how loud, are still like distant thunder; in the world of cyberattacks ground zero is America’s critical infrastructures and ultimately, our way of life.

Wednesday, July 9, 2014

Why Cybersecurity Initiatives Fail

By James McFarlin

My July 1 post addressed the misdirection that ensues when an organization’s senior management awareness of cyber threats turns to anxiety, and that anxiety into fevered action.

Nothing will get a board of directors to the anxiety stage as quickly as seeing a high profile business face cyberattack-induced loss of competitive advantage, reputational damage, and financial consequences in the billions of dollars.

Therefore, preventing such anxiety-fed misdirection must take center stage as an organization forms its cybersecurity strategy.

What follows are three solid suggestions on how cybersecurity initiatives can be successfully formulated, as stated and practiced by the experts.

But I will warn you: There is a caveat, and it’s a big one, as you’ll see.

Wednesday, July 2, 2014

Are Corporate Boards Rushing into a Cybersecurity Void?

By James McFarlin


Don’t say they weren’t warned. The forecast in my September 7, 2013 article “Will 2013 Be the Year Cybersecurity Crashes the Party in the Boardroom?" predicted stormy cybersecurity seas ahead for corporate America.

A plague of inadequate cybersecurity strategies is now raining on board members across the land, thanks to the massive Target Stores 40-million credit card heist; the resulting blizzard of lawsuits and subsequent ousting of its CEO; and numerous similar cyber breaches on retailers. The circumstances are highlighted in the Wall Street Journal June 30th article, “Corporate Boards Race to Shore Up Cybersecurity.”

The forthcoming corporation reactions will inevitably risk plunging them into a vast cyberspace void, populated only by scarce technical resources, a mind-numbing array of software cyberattack “solutions,” and seemingly insurmountable executive vs. technical cultural and language barriers.

Here is what to watch for: