Thinking Outside the Checklist with Computer Network Security

Posted by Mark Teter, Chief Technology Officer
March 18, 2012

Not long ago, CIA Director Leon Panetta spoke at the DC Cyber Conference on the growing threat of a Potential ‘Cyber Pearl Harbor’, explaining that cyber-attacks and malicious computer activity, “represent the battleground for the future."

It’s alarming the lack of internal computer network security (and security in general) within most IT organizations. Obviously maintaining proper network security controls are responsible for defending your organization against data breaches, compliance, and law suits, but also as important and as significant, is your ability to enforce your own HR policies.

According to industry analyst Enterprise Strategy Group, nearly one-third of organizations have experienced a data breach within the last 12 months. Another 10 percent of the computer network security professionals surveyed responded that they “don’t know” if they’ve experienced a data breach in the last 12 months. More alarmingly, 30 percent of survey respondents say that their organizations’ data breaches resulted in a “direct loss of revenue.”

Based on PricewaterhouseCoopers’s “Trends in Proprietary Information Loss” report, the Fortune 1,000 corporations experienced proprietary information and intellectual property (IP) losses of between $50 and $60 billion annually. This outranks the losses caused by viruses, worms, and spyware ($8.4 million) and system penetration by outsiders (only $6.9 million). And about a quarter of the companies surveyed said the majority of their losses were due to insiders.

Crooks focus on computer network security weaknesses, not data… The largest identified threat to date (TJX breach) was from the attackers focusing on weaknesses in their wireless network. And if can you believe it, the attack came after the organization had certified its compliance with the Payment Card Industry (PCI). That’s actually why we recommend also focus on actual threats, rather than an audit checklist.

In the real world, attackers often progress in a stepwise fashion, as the attacker gets closer to the goal. Phishing attacks and exploited Web sites may propagate malware that is used to steal credentials, which are then exploited for access to sensitive information. Users often use similar user names and passwords for multiple accounts, both personal and work related. If criminals can break into one account, they may have access to many others.

In fact, one of the top five computer network security trends identified in 2010 is an increase in password theft/grabbing attacks via increasing attacks on social networks where less technically savvy groups are susceptible. Cyber criminals understand that credentials for one application, like an email account, will also apply to other applications such as their corporate email or Intranet account.

The message is clear: you need visibility and control. These are at the heart of information governance. We provide these tools and solutions for many organizations. Threats to sensitive information on which the business directly depends have become pervasive and widespread, and the stakes are higher than ever before. This places a substantial premium on the ability to recognize threats and correlate threat behavior.

What trends have you seen in computer network security or data threat trends as of late? More importantly, what steps have you taken – or plan to take – to protect your organization?

About Mark Teter Before he retired from ASG in 2013, Mark Teter was Chief Technology Officer (CTO) and the author of 'Paradigm Shift: Seven Keys of Highly successful Linux and Open Source Adoptions.' As CTO, Mark regularly advised IT organizations, vendors, and government agencies, and he frequently conducted seminars and training programs.

Filed Under: Network Security

0 Responses to 'Thinking Outside the Checklist with Computer Network Security'

Leave a Comment

Please copy "KflbqcZhdhIjSXvVQGUgER4K06QGnEsC" into the field labeled "Uncaptcha"