Cyber security is a Business Problem – It is not an IT one
By Prempal Singh
Eventually, your digital business will be hacked. This is not an instance of “if” but simply “when”. And when this happens, your chance of success will depend upon the planning you have done in advance.
It is bodily and economically impossible to completely protect any organization from a data breach.
In fact, you will possibly not even know you’ve been hacked until it’s far too late – just look at internet giant Yahoo!, where a huge security breach leaked away account details for one billion users – and wiped a billion us dollars from the company’s value.
In case you’re still unsure, consider this: we’re in the midst of a steady, 40 percent year-on-year increase in the amount of malicious machine code seen “in the wild”, in other words, floating around the internet, just buying a host to strike. There isn’t a wonder that this has led to a 60 percent year-on-year spread cyber “incidents” detected by companies.
It’s time to batten down the hatches. To protect the results, business leaders need to behave now to make certain their own environments are protected against the likelihood of cyber crime.
The task is complex. Remember BYOD (Bring Your Own Device)? Just about every time an employee-owned device enters your premises or connects to your network, it puts a company IT systems under risk. Is the device properly secured? What kind of data is it having?
And what about the cloud, especially via “shadow IT”? Another culprit. People within an organization who are by-passing established processes are also creating available invitation to get hacked.
The cold is the fact that employees are using and accessing information without truly understanding the risk significance. Which is a business issue, rather than an IT one?
The biggest challenge we see is simply one of education. It is the responsibility of business leaders to make certain their personnel is alerted regarding how data is accessed, stored, transferred and transported to ensure the security of the organization as an entire – and ensure that personnel is fully aware of what happens when a data breach does occur. When this is in place, it becomes part of a holistic approach to IT security.
To be successful requires a company culture which recognizes the risk when any untrusted record or website is obtained. Take Dridex, a harmful piece of software called a Trojan. One unlucky company’s entire bank accounts was wiped out – completely – after a worker opened a file connection that had arrived by email. The attachment included the Trojan, but the email and the connection were socially engineered, to look and feel genuine. However, once activated, Dridex was able to record banking keystrokes/passwords and then send these details over the internet to a hacker in another country – who within seconds was then able to perform the simple transaction that completely drained this company’s bank details – and little could be done about it.
Cyber crime is the truth easy – yet it is very sophisticated:
Fujitsu operates a worldwide network of Secureness Operations Centers (SOCs) that were capable of detecting, observe and finally bring down the Dridex Trojan. On a similar case, we tracked down some spyware and adware which had managed to log personal data from some 350 million documents, ready for sale on the black market – the dark web. Fujitsu’s intervention meant that the kind of authorities was alerted, and arrests were made, as well as closing down the danger – which came from just two servers.
The need for companies like Fujitsu to operate SOCs to monitor and protect our customers’ networks is the testament to the reality that a firewall is no longer good enough to defend your digital business against cyber crime. Protection is 24/7. It will require regular support and threat monitoring – and rapid response mechanisms.
Effective security is about seeing the big picture – keeping a watchful eye from above and using network brains to predict what might happen next. Today, cyber security is something and not simply a software package.
The advice for business commanders is to drill-down into where and how dangers may impact their procedures. This will help reduce future attacks as well as helping to prohibit the spread of spyware and adware like banking Trojans.
Cybercriminals don’t discriminate, they are looking for almost any way in, and any business will do. To reduce the chances that their next target will be you requires reviewing and upgrading your corporate security procedures, educating your staff and recognizing that security will not have to be expensive to be effective. The addition of maintained security guard services as an additional layer of protection before the day your business is hacked is a wise move.
Source: blog.global.fujitsu.com