As a regular reader of my column you know that I have been talking about cybersecurity a lot during the past 18 months, and with reason. Sadly, corporate security breaches have reached an all-time high. What’s even more disturbing is it appears we are losing control of our cybersecurity. But the real question is did we ever have control of our cybersecurity?
In mid-February we were all talking about how the U.S. Central Command’s Twitter account was the latest victim of an ISIS hack. However, it really was the Sony Pictures breach that raised the most eyebrows—or at the very least it brought the seriousness of the problem to corporate America and demonstrated the damage that can be done. These attacks follow a barrage of breaches on major retailers such as Target, Home Depot, Neiman Marcus, and Staples, and even financial institutions such as JP Morgan Chase.
All of these organizations are still reeling from the sting of their security holes. Once a breach occurs the expense is enormous, and the register just keeps on ringing as the bad guys continue to rack up profits while creating immeasurable havoc in businesses and consumers’ lives. It doesn’t take a security analyst to recognize that today’s hackers are a diverse bunch, from lone individuals to nation-state-sponsored cyber warriors to organized cybercrime rings.
Let’s not kid ourselves: many executives of leading Fortune 1000 companies are still living in a bubble, or are just kidding themselves and their customers, if they believe they have a handle on cybersecurity. Just ask any security expert and he or she will be the first to admit that cybercrime has become a runaway train globally and most corporations simply have no idea how to stop the locomotive.
In fact, we are in crisis mode as a nation. Despite what these companies might say publicly, though, most executives are still more focused on running their corporations than really delving into the crux of the crisis, regardless of what they tell themselves. And it’s for this very reason so many companies are struggling to combat sophisticated and vicious cyber attacks.
What’s more, most Americans believe they are losing control of their own personal information. While this has yet to stifle innovation, there will come a time when consumers cease to support innovation simply out of fear. While some experts predict corporate America will be investing in cybersecurity heavily, predicting the market to reach $109 billion by 2020, how much will be lost due to the increased cyberattacks within the next five years?
As a result of these cyber concerns, during his annual State of the Union address, the President was very clear that protecting consumers’ data from getting into the hands of the bad guys is a key priority for the nation going forward.
Proposed laws will soon mandate that when personal information is found to have been breached by a hacker, companies must notify the customers who are directly impacted within 30 days of discovering the unwarranted entry. Until the President stepped up to the podium, the information revealed to a customer had been dependent on geography. But the President has made it clear that he wants to put an end to this piecemeal approach by requiring a single federal mandate making all states follow the same rules and regulations when it comes to consumers’ personal information.
This legislation will create a national standard for notifying American consumers if and when their personal and/or financial data has been compromised. The proposed Personal Data Notification & Protection Act “clarifies and strengthens” what companies need to do during and after a data breach, including, as I mentioned, notifying their customers within 30 days of the discovery.
Revised legislation in the form of a Consumer Privacy Bill of Rights will also make its way to Congress within the next 45 days. The President said this legislation is particularly important to keep industries innovating, while also providing baseline protective measures for consumers and businesses and their sensitive data. The bill of rights would help ensure online interactions are governed by “clear principles” that prevent data from being used in a way that is inappropriate.
Another distinction that must be made is consumer information must remain confidential and must be the property of the consumer.
Without getting too much into politics—because that’s a discussion for another time—it’s important to acknowledge the President is recognizing that the digital world is creating both opportunity and vulnerability for American consumers and businesses. Since so much depends on the “digital economy,” the President was pretty clear that the government plans to take new steps to mitigate the direct threats facing today’s connected consumers.
While his mandates are essential, perhaps an even greater objective is getting every company to really take a closer look at its own cyber initiatives. It’s critical to note that traditional security systems only detect and block the malicious payloads deployed by a piece of malware, while today’s attacks are much more insidious. The malware attempt is really just a means to something much greater. From what we have seen to date, as the security industry develops advanced methods for detecting malware, the bad guys have been able to avoid detection and create more damage with what follows the initial attack.
Today the number of attacks—and we are talking thousands—continues to outweigh the successes as more devices continue to get connected to the Internet. Imagine for a moment that these attacks were truly successful: any major disruption of services could prove extremely detrimental to the country’s well-being and position within the global economy.
Routinely protecting corporate firewalls will not cut it. Vigilance is quintessential. Education is a requisite. Corporate applications and data are being exposed both inside and outside the perimeter and companies need to erect the “ultimate fortress” to fend off even the most fierce cybercriminal.
No matter how secure your “corporate house” may be, cyber predators lurk in the shadows of the deep Web waiting for that perfect opportunity to strike. While some strike in plain sight and make their presence known, other cybercriminals strike their victims simply by taking advantage of computer viruses, keystroke logging programs, and malware to snatch sensitive personal information in an effort to commit fraud, espionage, or something even more devastating. There are precautionary steps that every person and every business can take to reduce the risk. The only question now is what is holding you back?