Wednesday, July 9, 2014

Why Will Many Cybersecurity Initiatives Fail?

By James McFarlin

My July 1 post addressed the misdirection that ensues when an organization’s senior management awareness of cyber threats turns to anxiety, and that anxiety into fevered action.

Nothing will get a board of directors to the anxiety stage as quickly as seeing a high profile business face cyberattack-induced loss of competitive advantage, reputational damage, and financial consequences in the billions of dollars.

Therefore, preventing such anxiety-fed misdirection must take center stage as an organization forms its cybersecurity strategy.

What follows are three solid suggestions on how cybersecurity initiatives can be successfully formulated, as stated and practiced by the experts.

But I will warn you: There is a caveat, and it’s a big one, as you’ll see.

Wednesday, July 2, 2014

Are Corporate Boards Rushing into a Cybersecurity Void?

By James McFarlin

Don’t say they weren’t warned. The forecast in my September 7, 2013 article “Will 2013 Be the Year Cybersecurity Crashes the Party in the Boardroom?" predicted stormy cybersecurity seas ahead for corporate America.

A plague of inadequate cybersecurity strategies is now raining on board members across the land, thanks to the massive Target Stores 40-million credit card heist; the resulting blizzard of lawsuits and subsequent ousting of its CEO; and numerous similar cyber breaches on retailers. The circumstances are highlighted in the Wall Street Journal June 30th article, “Corporate Boards Race to Shore Up Cybersecurity.”

The forthcoming corporation reactions will inevitably risk plunging them into a vast cyberspace void, populated only by scarce technical resources, a mind-numbing array of software cyberattack “solutions,” and seemingly insurmountable executive vs. technical cultural and language barriers.

Here is what to watch for:

Friday, June 13, 2014

Cyberwarfare: A Predictable but Dangerous Future

By James D. McFarlin

Over the remainder of this decade, geopolitical and ideological forces will both govern the deployment of offensive cyber weapons and be shaped by the evolution and uses of such weapons.

There is no going back.

Wednesday, May 28, 2014

Why Isn’t Cyber Security Secure?

by James McFarlin

Target. Neiman Marcus. eBay. The New York Times. The U.S. Navy. The Federal Reserve. The list of organizations falling victim to cyber attacks recently continues to grow, with the number of reported security incidents rising from 2,989 in 2012 to 3,741 in 2013.

The severity is increasing, too, with the loss of customer information in some attacks reaching astronomical levels: 110 million accounts from Target, while eBay compromised up to 145 million customer records.

According to Forbes, the average losses per incident are also climbing at a rate of 23% year-over-year, with incident losses exceeding $10 million per occurrence. This is up 75% from just two years ago.

Due to a combination of factors, including timing, carefully selected targets, and increasing sophistication, attacks are becoming more successful, not less. These increases exist in spite of major increases in cyber security spending.

Wednesday, May 14, 2014

America on the Brink

By James McFarlin

America’s economic and national security in this digital age are centered much less around our ability to deploy advanced cyber weaponry - which it does well - than on how the United States positions itself and conducts its affairs geopolitically.

Why? Read on.

Wednesday, April 30, 2014

Giving Up the Beachhead: U.S. Cyber Defenses in Retreat

by Jim McFarlin

Data released from US-CERT shows that reported cyberattacks have increased tenfold since 2006. Combined with the rapid-fire advancements in attack methods, it’s clear that preventing breaches is becoming increasingly more difficult rather than easier.

Many organizations are thus shifting their attention and resources to mitigation - limiting and stopping attacks in progress - and to business continuity and recovery.

A recently released study by accounting firm EY entitled “Global Information Security Survey 2013” documented this change of cybersecurity focus. The report found that 51% of corporate executives surveyed had set their 2014 information security priorities in business continuity and disaster recovery, eclipsing their focus of 13% on information security risk management.

In other words, if the beach cannot be held, retreat to the next line of defense.

Monday, March 31, 2014

The Missing Element in U.S. Cyber Security

By Jim McFarlin

In the global picture, the recent Target cybertheft is but a reminder that America - all of America - is under attack.

Late last year, the U.S. Navy discovered that its computer systems had been breached and its communications compromised. Not only did the Navy not know for how long the breach had been occurring, but it took them four months to rid their networks of the spyware that had been imbedded.

Whether by cybertheft, cyberterrorism, or cyberwarfare, the critical systems that generate and distribute electricity, operate our financial markets, and command our nation’s military and defense forces, to mention a few, are all targets.

And, unfortunately, this is a battle we are losing.