By Maureen Aylward
From Sony to Lockheed Martin to PBS, cyber attacks are on the rise and increasing in sophistication. Even the US government announced that a cyber attack by a foreign government constitutes an act of war. How can companies, governments, and institutions protect themselves? How will cyber security change to meet the rising threats? Our Zintro experts weighed in with such fantastic responses that we are doing a three part series to address this from the perspectives of organization and governments. This is Part 3 in the Zintro Series on Cyber Security.
Hadi Hosn, an information security expert, says that foreign governments can probe systems for sensitive data with threats frequently going undetected for days, weeks, and even months. “It’s not just financial personal information being stolen; terrorists and rogue governments can steal confidential data, including intelligence information on nuclear and biological weapons that exposes a country and its citizens to potential harm,” he says.
Threats to organizations, governments and institutions affect the entire society. “Organizations and governments should realize the cyber threats are more than just an IT issue; they are a business and people safety risk,” says Hosn. “They must work together through forums and joint intelligence sessions to set up cyber security strategies and tackle cyber threats. Private organizations will need to look toward governments for uniform standards for security and protection, develop new laws on cyber security data, and create reliable metrics for internet service providers.”
Hosn says that recently the UK government has announced that it is working to develop a toolbox of capabilities for cyber security. “This development work will form an integral part of the country’s armory against cyber attack and assist the government in protecting its citizens and the well being of society,” he says. “Once this toolbox is developed and tested, the government should share it with the private sector to reduce the likelihood of data breaches thereby reducing the cyber threats.”
DannyL, an expert in data loss prevention and threat analysis of complex software systems, cites a US Department of Homeland Security article that says federal agencies suffered nearly 42,000 cyber attacks in 2010, up from 30,000 the previous year. The article says that of the attacks reported last year, 31 percent were classified as malicious code. Those numbers will continue to increase as new technologies and access to mobile devices and social networking sites expands.
James Anderson, president of Professional Assurance LLC, says that there is no evidence that governments can protect large firms from cyber attacks. “National security authorities may not even acknowledge that their interests align with a company that has suffered a cyber attack; therefore, companies must think about retaliation,” he says.
Should a company take retaliatory steps beyond simply increasing its own defensive perimeter? The answer depends on the seriousness of the attack and the potential threat from future attacks. Anderson says that simply turning over evidence to law enforcement may not save the company from future cyber attacks. But, if the attack had to do with a government’s critical infrastructure, authorities may take an interest; however, there are no established service levels for government response.
For example, Anderson says some activities that might be considered retaliatory are:
- legal information gathering to identify attackers,
- direct blocking of network traffic from specific origins,
- use of transaction identifiers that label the traffic as suspicious,
- placement of honeypots,
- identifying and actively referring botnet details for blacklisting or referral to authorities or industry associations, and
- certain types of deception gambits against suspected internal malefactors.
What do you think?
If you have a question or comment about the cyber security industry, we would like to hear it. Click here. Would you be interested in signing up to be a Zintro expert and generate free leads for your business? Click here.