Lights Out: Our Greatest Cybersecurity Threat

With the growing list of companies and organizations falling victim to breaches in their data systems, many are asking if the practice of robbing and stealing private information will ever come under control. The number of systems and people the breaches affect is staggering. The once-favored targets of hackers, credit card numbers and passwords, are now being joined by personal medical information and everything else that comes along with it. The cybercriminals appear to be taking a shotgun approach, breaking into any system that is discovered to be vulnerable to their misdirected talents.

Company officials and cybercrime busters are showing signs of fatigue as they struggle to prevent the rampant, unwanted intrusions and theft. The fact that many of the largest attacks are originating from countries like Russia and China serves only to ratchet up the hand-wringing. If our non-allies like China and Russia are at the bottom of much of the illegal activity, and the measured mayhem it causes, it raises the question of their motives. Are these attacks against softer targets a dress rehearsal for something much larger and more disruptive to come?

The electrical utilities industry is taking notice of the increased rate of intrusions across other industries and has begun to ramp up its security efforts to prevent an interruption to the country’s electrical grid. A federal analysis, reported earlier this year, indicated that an attack on just nine of the country’s 55,000 electrical substations would result in a coast-to-coast disruption in electrical services. While the cybertheft and misuse of personal credit card and medical information can cause significant economic and personal strife, the damage pales in comparison to the wholesale disruption of the countrywide distribution of gas and electric.

“The industry is paying attention and actively seeking ways to bolster security practices to limit power system vulnerability,” says an annual report from the consulting, construction and engineering firm Black & Veatch titled “2014 Strategic Directions: U.S. Electric Industry.” “We are seeing an industry that is actively moving forward with the deployment of comprehensive asset protection plans following several high-profile cyber and physical threat events.”

But, among those who were surveyed for the report, only 32 percent of electric utilities had integrated security systems with the “proper segmentation, monitoring and redundancies” needed for cyberthreat protection. In response, federal industry regulators have instituted updated standards for the industry.

In addition to their intensified prevention efforts, many cybersecurity experts are now focusing additional attention on developing plans to respond to the calamity that would surely accompany a successful attack on our country’s utility infrastructure.

As the only superpower in the world, we must come to a heightened realization that the greatest and most impactful threats from our enemies may not come by way of bombs, bullets and missiles, but from our enemies’ ability to simply turn out our lights at will.

The State Of Cybercrime Activity; It’s Not Good News

A recently released report suggests that 2013 was a watershed year for cyberattacks against a wide range of unsuspecting targets. The Symantec Internet Security Report (ISR), compiled by the Symantec Global Intelligence Network, was recently published in Forbes, and is used to identify, analyze and predict future trends for the cybersecurity landscape. What may not be very surprising to many is that 2013 far exceeded previous years in breaches of personal, company and government data systems. The number of data breaches grew by a whopping 62 percent from 2012, exposing 552 million identities and chalking up an increase of 368 percent over previous years’ experience.

The most vulnerable victims appear to be small to mid-sized businesses (SMBs), which remain the most likely to be targeted because of their limited ability to defend their data from sophisticated attacks. Companies in this category accounted for more than 50 percent of all breaches, but attacks against businesses of all sizes grew by 91 percent over 2012. Ransomware, the malicious software embedded on unsuspecting computers and mobile devices by cyberdata kidnappers, grew a massive 500 percent last year, with the kidnappers pocketing between $100 and $500 ransom from each victim to unlock their data. The Internet of Things (IoT), common everyday appliances which are connected to the Internet, is predicted to be fertile ground for hackers, intruders and cybercriminals in the coming year. The report clearly dampens any notion that cybercriminal activity is soon to be on the decline.

“The Russians Are Coming, the Russians Are Coming,” a comedy film of the 1960s Cold War era, is beginning to have a different and more ominous meaning in 2014, and there is nothing comedic about it. This month a Russian crime ring invaded the cyberworld and confiscated a massive cache of 1.2 billion user names and passwords as well as more than 500 million email addresses. Hackers randomly targeted websites of SMBs and Fortune 500 companies and demonstrated very little discretion as to the size or identity of their victims. The breach dwarfs last year’s intrusion at retail giant Target, which announced this week that it will cost an estimated $148 million to recover from its historic cybersecurity failure.

The Russian-based hackers are using the stolen information to send spam on social networks and through unsolicited emails on behalf of those who are willing to pay a fee for the service. With the overwhelming, and seemingly unchecked, increases in illegal cyberactivity, many in the cybersecurity industry are feeling that they are waging a losing battle when it comes to implementing effective defenses against those who are increasingly intent on stealing personal information.

The only silver lining to this cloud is that, given the current trend, one category of technical skill sets not in jeopardy of becoming extinct any time soon is the one associated with stemming the tide of threats and intrusions to the cyberworld.

Coming Soon, A Fundamentally Changed Work Environment

It is often said that, “In time all things change, nothing forever stays the same.” The well-used phrase is certainly getting a renewed workout, particularly when referencing the trends in the employer and employee relationship. The rapid acceleration in technology, stagnant world economy, government intrusion into healthcare and the advancing of more creative business models are converging to make the workplace of the future fundamentally different from that of our parents, grandparents and maybe even our older siblings.

We are all aware that the once familiar workplace, filled with loyal employees serving and growing into a stable and extended relationship with a single employer, is inarguably gone forever. But the number of fundamentally impactful workplace changes being tossed about has many predictors of the future just a little bit uncertain as to what the future workplace and its employee/employer relationship will resemble. The only clarity of vision is that it will not likely reflect today’s work environment.

During the most recent economic meltdown and the sluggish recovery, once stable company positions, and the workers who filled them, became vulnerable as business entities across the spectrum of industry sought to cut operating costs and re-evaluate their established business models. A significant number of displaced workers, who were once dedicated to a single employer, have become free agents, working on an as-needed basis from project to project. Akin to the “just in time inventory” management process, first introduced to industry in the 1980s, workers arrive and sign on only when needed. Employers are experiencing much needed cost savings by hiring freelancers because they don’t have to pay benefits and can attract much needed technical and specialized skills only when they are needed most.

Nearly a third of the new contract employees report that they prefer the contractual relationship with their now “client employers” because it offers them more flexibility in work schedule and workplace.  Today, one third of Americans are freelance contractors and consultants and it is predicted that there will be more of them than full-time employees in just six years.

As these arrangements become more common, the traditional work environment is undergoing significant physical change. “Mobile and social are driving a huge cultural shift and, in fact, are creating a whole new work style,” said Oudi Antebi, senior vice president at a leading social business software provider. “People aren’t chained to their desks the way they were even five years ago. As a modern, mobile workforce, we’re shedding the desktop and clunky software in for systems and tools that give us the freedom to work with anyone.” This means that more professionals will be working from home instead of the traditional office setting which will experience a total reshaping due to new technological tools and office layouts that reflect the new workplace culture.

The introduction of healthcare reform under the Affordable Care Act (ACA) is proving to pose the most uncertainty for the workplace of the future. Employers with 50 or more workers will be mandated to provide affordable health insurance to all full-time employees beginning in 2015. Most companies are still uncertain as to the total effects of the Act’s introduction on their relationship with their employees. Many believe the changes will promote smaller, more nimble and more flexible workplaces with fewer traditional full-time employees and more contingent workers in order to adjust to the new employment reality.

As staffing strategies evolve in order to respond to a new competitive environment, the typical workplaces of today and the traditional employer/employee relationships will soon be a thing of the past. Transitioning to the future workplace will require organizations and individual workers alike to seek out and accept creative solutions and an openness to embrace, not fear, change.

The Next BYOD Security Threat May be Coming Soon

Each day brings yet another story of organizations worldwide dealing with the latest attack on company data systems. The threats spread across an assortment of perpetrators from inside and outside of the organization, with an increasing number of threats finding their way into the workplace system through internal bring-your-own-device (BYOD) policies. Of all the significant security breaches reported, 54 percent were attributed to employees violating personal mobile device use.

According to a recent Vectra survey, many organizations are concerned about future intrusions from within, as a mere 21 percent of more than 1,100 IT security practitioners have fully implemented BYOD policies, processes and infrastructure.  Employees who bring malware infections already embedded in their smartphones, tablets and laptops are at the top of the list of concerns for cybersecurity professionals. The most common risks involve password protection, remote wiping of data and use of encryption.

Businesses large and small are finding that mobile devices are changing the way people are computing. With the popularity of the cloud and the advancing trend toward all things Internet, the majority of organizations’ security strategies are undergoing rapid evaluation and change in order to deal with the growing number of potential unwanted entries to a company’s data systems. “The human is still the weakest link in security,” said Tim Brown, Dell fellow and executive director of security for Dell’s Software Group. “But humans are also the greatest enablers of security.”

Effective BYOD security measures must be proactive, originating with the manufacturers who design and build the devices, extending to the operating software that runs them, and on to the end users. The most successful security strategies are those that recognize that effective security is all about the people who use the devices. With human error such a big factor, user security measures, education, ongoing training and monitoring of employees are essential in order to avoid the calamity of unwanted breaches.

Cisco Systems is predicting that by 2020, there will be more than 50 billion devices connected worldwide, communicating with each other, exchanging data and opening up even more targets for cybercriminals to attack. There is virtually no chance that the number of cyberthreats will abate on its own, making it imperative that businesses of all sizes, across all industries, focus on measures that will effectively address the next BYOD security issues that are sure to come their way soon.