NCSAM: Battling Against Cyberattacks
by Joseph Steinberg - Oct 28 2011, 14:10
As the twenty-first century progresses, it is becoming increasingly clear that America's economic prosperity and competitiveness depend on our successfully implementing effective cybersecurity.
While the task of ensuring our nation’s physical security is achieved through our military and law enforcement organizations, cybersecurity assurance cannot be delegated to the government, and relies heavily on the involvement of businesses.
As nations with a history of tolerating corruption and crime continue to modernize, cyber threats to our commercial enterprises mount. While classic cybercrime involved primarily the theft of money or goods, today’s criminals know that corporate information stored in electronic form on Internet-connected computers and networks is often of great value – and can be sold to competitors or other parties.
Unlike financial fraud, such attacks are often undetectable – as nothing is missing from the system that has been breached – and pose less risk to the perpetrator than directly stealing money. As a result, computer-based espionage against businesses is becoming increasingly common.
While properly implementing cybersecurity for a business can be complicated and should involve the services of an expert, and while a single article is certainly not sufficient to cover all the aspects of corporate cybersecurity, here are several important high-level pointers:
- Commit to actively ensuring cybersecurity. The cost – in terms of time, money, and aggravation – will likely be far less if a proactive approach is taken.
- Create proper policies governing who has access to which resources, and implement rules and technology to enforce these policies.
- Access to systems and information should always be on a “need to know” basis, and all sensitive information should be stored in an encrypted format. Remember, if a user has physical access to a system, he or she can probably gain digital access as well.
- Business systems should be used for only their intended purposes and not for others, such as reading email or accessing Facebook. Ensure that every user has their own credentials and that all systems require a login with a password that is not easily guessable or found in the dictionary.
- Remember that cybersecurity must be enacted not only for ‘classic looking’ computers such as desktops and laptops, but for tablets and smartphones as well. All portable devices that house business data should have remote-wipe capabilities enabled.
- Don’t just buy “Internet Security Suite” software and assume that your business is secure. Hire an expert to analyze your business requirements and technical infrastructure, and select and implement security technology to meet functional and security requirements accordingly. Ensure that all technology is kept up to date.
Keep in mind that all major recent cybersecurity breaches have occurred at organizations running firewalls, anti-virus software, and other security products. If the wrong products are chosen, or if the right products are either implemented improperly or not kept up to date, security can crumple rather quickly.
[NOTE: The Tech Herald will on occasion publish industry related, and vendor submitted items. They are subject to editing for length and sales content.]
This article was submitted by Joseph Steinberg.
Joseph Steinberg, CISSP, ISSAP, ISSMP, CSSLP, is a respected cybersecurity expert and the C.E.O. of Green Armor Solutions, a leading provider of information security software.
He is the inventor of several cybersecurity technologies, the author of a book and many articles on cybersecurity-related matters, and a frequent lecturer on topics related to cybersecurity, technology, and business.