Chinese companies are hacking into American corporations and stealing trade secrets. Over 22 billion records containing extremely sensitive information were stolen in an Office of Personnel Management (OPM) hack. And yet we still have no official answers on who the culprit is, or on plans to retaliate. Meanwhile, these issues have faded from the headlines, replaced instead with politics as usual. But cyber security must remain at the forefront of our minds – we cannot begin to view these attacks as normal occurrences in the course of everyday life. Ignoring cyber security problems will have dangerous and lasting consequences.
Now more than ever, we need strong government and private sector engagement and cooperation on cybersecurity. All aspects of our lives, from our social interactions to financial institutions, global trade, and government systems, rely on a secure cyberspace to facilitate the free flow of capital, goods, and ideas. The best route to collaboration and the sharing of best practices is for investors, legislators, policy makers, and businesses of all sizes to come together and address the risks we face in our connected society.
The cyber security community is buzzing about the results of the recent Ponemon Institute survey. The survey, which included over 1,000 U.S. and German IT security professionals, showed that nearly half of the participants agreed that their organizations don’t have the necessary protections in place to prevent risk from careless employees – who pose the largest threat to a firm’s cyber integrity.
Indeed, employee mistakes cause 95 percent of all incidents. Employees can make their companies susceptible to attack by clicking on malicious links, failing to verify the authenticity of phone calls or banking websites, and failing to use or update strong passwords. It’s impossible for businesses to shore up their security apparatus when their largest threats come from right inside the building, so it’s important for companies to ensure their employees are adequately trained and understand the risks and importance of strong cyber stewardship.
Marc van Zadelhoff, Vice President of Security at IBM, outlined other crucial steps all businesses should take to thwart cyber-attacks in a recent Harvard Business Review interview. The government, too, could heed his recommendations and implement similar plans in the public sector.
According to Zadelhoff, the first step to cyber security is for businesses of all shapes and sizes to identify their most sensitive — and therefore most threatened — information. Taking inventory helps organizations personalize their security programs so that they are able to keep their “crown jewels” secure. Encryption should also be used to protect the most sensitive of data.
Zadelhoff also recommends having strong analytics and intelligence in place, well before an issue arises, so that companies can quickly understand the extent of the damage while an attack is occurring or immediately after. He stressed the importance of having a strong incident response team trained and ready, and discussed the necessity of companies practicing cyber “fire drills,” so they are prepared for a robust, rapid response when they find themselves under attack. In fact, companies that had such response teams in place saved $12 to $13 per capita on the cost of a breach, in comparison to companies that did not. Investing in security early pays off in the long run.
The sharing of information is critical. In fact, the hackers are collaborating, so why aren’t we? Criminal bad actors share their “best practices” on the Dark Web, while we still operate with blinders on, refusing to open our eyes to what’s around us until we’re hit.
While we can never be one hundred percent safe from cyber-attack in today’s day and age, it’s critical that our government and our businesses have the ability to rapidly respond to breaches, to play offense instead of defense, and to innovate to protect our most valuable information. Technology innovation requires early and focused investments to foster technologies and services that help us all stay ahead of the bad guys. This is a threat we all face, a tragedy of the commons, if you will. We need a collaborative, diagnostic, united approach to combat cyber-crime. After all, we really are all in this together.