Segment Spotlight: US Government Hacked – Do We Have A Fighting Chance in the Cyber Security War?
Author: John Macario
On June 4th, reports broke that Chinese hackers breached the computer system of the Office of Personnel Management. An estimated 4 million current and former federal employees were told their personal data might have been compromised.
Today hackers have become increasingly sophisticated – exploiting every possible vulnerability regardless of how long it may take. If the government, with all of its security policies in place, can be the victim of serious cybercrime, what hope do businesses have?
Most companies aren’t doing enough to prevent cyber crime
Many organizations believe that they would never be targets of cyber attacks. As a result, decision makers often don’t make enough room in IT budgets for important security initiatives. According to John Pirc of the SANS Technology Institute:
“Too many enterprises today believe their firewalls deliver ‘good enough’ security to mitigate Internet-related threats and attacks. However, enterprises that do not currently have advanced network protection deployed face significant risk and are likely already compromised.”
Basic firewall security just isn’t enough to protect you from the sort of hackers that took advantage of the OPM. Security professionals know that more needs to be done to protect their businesses, but they often aren’t on the same page as decision makers. Recent studies have shown that corporate leaders believe most threats come from third party mistakes from service providers (49%), but those in the security trenches know that web applications (57%) and negligent insiders (56%) are the serious threats.
Budget matters aside, there are a number of approaches that enterprises of all sizes should consider to improve data protection in a world of powerful cyber criminals.
Four security strategies that can improve data protection
While firewalls are built into network environments, it will take more intricate strategies to keep up with increasingly dangerous threats. Here are four different security strategies that can accompany firewalls to create a more layered defense:
- Data masking: This process takes original, sensitive data and basically redacts it – hiding it with random characters and data. The government is considering this approach to protect the data stored in its systems in light of the recent Chinese hacking incident.
- Data encryption: Encryption can be used to protect data while being transferred and while at rest. In an increasingly mobile world, data should not be left vulnerable as it is shared – and stored – via globalized networks.
- Intrusion detection systems (IDSs): With the prevalence of security attacks, it is critical that companies compress the time it takes to (1) know that they have been hacked and (2) discover the extent of the breach. IDS solutions analyze traffic patterns to identify and alert companies to a wide range of malicious activity.
- Session border controls (SBCs): Communications networks are often left behind when security strategies are implemented. VoIP has become a popular telecom strategy in the mobile business world, but it can leave your systems vulnerable. SBCs can act like firewalls for telephony traffic, protecting your network from potential threats to the communications environments in a way that still ensures call quality in the event of an attack.
If the government can fall victim to sophisticated cyber attacks, so can your business. According to recent reports by the Identity Theft Resource Center, “the number of U.S data breaches tracked in 2014 hit a record high of 783 in 2014.” Don’t rely on firewalls alone to protect your most sensitive data. Only by implementing a more comprehensive security strategy can your business hope to secure their valuable data against the next attack.