by Jim Noble, Director, TAC International
It is no secret that over the last few months, there has been a torrent of cyber security stories hitting the press:
- Syrian Electronic Army takes down New York Times website for 24 hours because the Times ran an article on “US Military Options in Syria”.
- Booz Allen Hamilton, Edward Snowden’s employer, claimed that he had every right to access the sensitive government data in his role as systems administrator, and they couldn’t possibly have known of his support for WikiLeaks.
- In a three-year operation, hackers linked to China’s military infiltrated US defense contractor QinetiQ’s computers and compromised most if not all of the company’s research. QinetiQ makes satellites, drones, and software used by U.S. Special Forces in Afghanistan and the Middle East.
- Hackers routinely access the hard drives of the photocopiers in the airport lounges of Hong Kong airport, using the remote diagnostics port.
- A hacking gang targets vehicles being returned off-lease by CEOs, and downloads the contents of the on-board hard drive to get synchronized smartphone data.
- Motorola’s new smartphone Moto X just released this month will have an always-on listening mode. The hacking community responded by saying that they have been doing that routinely with most models of smartphones.
- Social Network passwords compromised – millions of IDs and passwords offered for sale on the Internet. Experts say that breaking your business password could take days, but that can shorten to seconds if the attacker knows your social network password.
Should the prevalence of cyber security stories worry your company or you personally? You bet it should! The scary thing is that even with all of the media attention, there are thousands of breaches taking place daily that do not show up in the news. In many cases the hacked companies and individuals don’t even know they’ve been compromised! The Director of the US National Security Agency said it best with this quote “You don’t know when they were there, when they left, what they took, and what they left behind.”
Let’s face it – there is no realistic way for you to prevent a determined attacker from stealing your sensitive data, other than stopping using your phones & computers. So get used to it; the cyber genie is out of the bottle and there is no way of putting it back. The sooner that you (and your company) get out of denial and accept that inevitable fact, the sooner you can start to do something constructive about it.
This awakening has already taken place in The White House, NASA, the Jet Propulsion Labs, Sony (PlayStation), RSA, The Wall Street Journal, Lockheed Martin, and the list goes on and on. What do they all have in common? They have all suffered numerous hacking attacks and have come to the realization that it would be both impossible and cost prohibitive to even attempt to completely prevent a recurrence, and so they have instituted mechanisms to detect and react to future events. These mechanisms take many forms and companies hold these secrets as highly confidential (if they were obvious, or made public, the bad guys would find a countermeasure quite quickly).
What are you doing to prevent security breaches? And is it enough?