Tuesday, September 16, 2014

The Hidden Insurgency Imperiling America’s Cyber Security

By James McFarlin

As the world’s most advanced digital society, America possesses the world’s most vulnerable digital economy. Cyberattacks - many well known by now - keep invading our financial, retail and other sectors with no end in sight.

Trouble started to heat up when the credit card information of 40 million customers was lost during a cyberattack on retailer Target last December. Attacks quickly followed on Neiman Marcus and others, including the biggest data breach in Internet history against ecommerce giant eBay.

Most recently, retailer Home Depot reported a breach of its security systems in more than 2,200 U.S. and Canadian stores, as did banker JPMorgan Chase.

According to official data, the number of companies reporting cyber security breaches has more than doubled in the past two years to 1,174. No organization appears to be safe from cyberattack and theft.

America is in the midst of a digital crime wave that shows every indication of continuing at increased levels. That much is adequately reported by the news media – what’s not, though, are the harsh realities of these attacks:

  • Most organizations do not even realize they are being attacked, and many cyberattacks go undiscovered for months. The 2012 NASDAQ hack had been going on for two years. Reports indicate that more than 70 percent of companies being breached only become aware after being notified by an outside organization.
  • It is increasingly accepted that cyberattacks against corporate networks cannot be stopped, and the best that can be done is to limit the losses once the intrusion is identified.
  • Despite the fact that the information being stolen is theirs, customers are typically the last to know of a hack against a commercial organization. Crucial time is lost for those who might want to protect themselves by changing passwords, monitoring transactions or other means.

In a recent industry study of U.S. businesses, one-third of respondents indicated that they maintain no continuous monitoring of their networks against intrusions. What's more, 22 percent indicated they do no monitoring at all. The results? In the recent Home Depot customer credit card theft (estimated to be 60 million accounts), five months passed before the breach was noticed – and this is one of the five largest retailers in America.

No wonder class-action lawsuits are already being filed against Home Depot for negligence.

The move to new payment systems such as Apple Pay and the Apple Watch creates business opportunities but raises questions about data protections. Will security be there?

And who pays for the costs of these escalating attacks and the harsh realities they expose? Except for the occasional CEO departure (think Target) and revolving-door losses of Chief Information Security Officers, it is the consumer who pays. To assume that the costs for attack recovery, damages, lost information, legal expenses, new equipment and hosts of other costs come out of the retailers’ or bankers’ hides is nothing but naive at its highest level.

The consistent theme in these attacks and trends? American industry has been quick to embrace the benefits of using the Internet as a platform for running its businesses but has not deployed an appropriate sense of urgency in making that use secure. The forces of disbelief, denial and delayed action on cyber defenses pervade all too many organizations, and we are seeing the result.

We haven’t just met the insurgents. We are the insurgents.

("Firewall Antivirus Antispyware Post" by Stuart Miles/FreeDigitalPhotos.net)