Created: April 29, 2012 Last Updated: April 29, 2012
Haggling over money ignited political firestorms that are changing the way two large governments function and operate. How are China and a branch of the U.S. federal government doing in the wake of serious rifts of public trust and worse?
In the case of the Secret Service scandal in Colombia, the sticking point came down to a few dollars for sex. In the case of Bo Xilai, once a rising star of China's Politburo, his wife Gu Kailai's failed negotiation with Neil Heywood over the price to traffic "black money" (bribes, political favors, extortion) out of China came back to haunt the fallen politician, with Mr. Heywood's death by poisoning a wrecking ball to his lust for fame, power, and fortune.
With damage done to careers and reputations, corporations large and small can learn lessons that go beyond the folly of Shakespearian tragedy.
In the new era of cloud computing, mobility, and social media, vulnerability points have proliferated. With the recent data breach of credit cards at Global Payments, it's clear that most companies aren't investing enough money in cybersecurity; they don't understand all the layers they need to protect their networks, data, and intellectual property.
Losing the Security Arms Race
These problems aren't confined to the corporate world. A scathing March 12 report on computer security by the U.S. Treasury Inspector General for Tax Administration found: "The Computer Security Incident Response Center's (CSIRC) host-based intrusion detection system is not monitoring 34 percent of IRS servers, which puts the IRS network and data at risk. In addition, the CSIRC is not reporting all computer security incidents to the Department of the Treasury, as required. Finally, incident response policies, plans, and procedures are either nonexistent or are inaccurate and incomplete."
Are American companies investing enough in IT security? Do they have procedures in place to prevent the 11 percent of data theft carried out by insiders? Do they allocate enough money in their budgets for security or treat it as an afterthought?
If they are haggling over cost the way the Secret Service and the Bo-Gu did, they are asking for trouble. The consequences are more dire than public embarrassment. They include lost revenue, stock selloffs, rising insurance premiums, disruption to business, and defection of key personnel, to name a few.
With changing technologies, hackers are gaining the upper hand in the cyber war.
Cloud Offers New Defense
In a recent blog post on how cloud technology could address the vulnerabilities of the 2.4 million bank ATMs worldwide, Sourya Biswar of CloudTweaks wrote: "Diebold's solution is to move confidential information from the ATM hard drive to the cloud. Now, information stored in the cloud can actually reside in heavily-guarded server farms with state-of-the-art motion sensors and 24/7 secured access, camera surveillance and security breach alarms. As is obvious, security would be much better than in the neighborhood ATM."
Not everyone agrees. But defending a few fortified remote structures rather than millions of machines in highly trafficked areas seems a logical next step.
At a U.S. House of Representatives hearing last fall, "Cyber Threats and Ongoing Efforts to Protect the Nation," Kevin Mandia, CEO of Mandiant Corp., stated: "Many American corporations may have been compliant and diligent, but they were not prepared for advanced threats."
He went on to testify that 96 percent of the 50 companies that his firm forensically surveyed didn't know their businesses had been penetrated until informed by the FBI.
The problem is pervasive and widespread, with sophisticated attacks on the rise, tailored to industries and shifting focus from government to business.
Interview with Security Evangelists
James Grundvig (JG) caught up via email with security consultant, Peter Simon (PS) of One Force Technologies, Inc., and George Waller (GW), executive VP and founder of StrikeForce Technologies, Inc.
StrikeForce is the inventor and patent holder for "Out-of-Band" authentication, and has a patent pending on its "Anti-keylogging keystroke encryption" technology.
JG: How many layers of security are needed in today's multi-device, social world?
GW: The default standard is Two-Factor Authentication. A social website can utilize any of the following Out-of-Band methodologies:
• Entering a # sign when phone rings
• Entering a fixed PIN into mobile phone
• OTP is delivered on-screen, phone rings, user inputs OTP into phone
• OTP is sent to a phone via SMS, OTP is entered online
• OTP is delivered to phone via text to speech, OTP is entered online
• OTP is sent via email, OTP is entered online
• Voice Verification - imminent release
• IM Client Two-Factor Authentication
There are also hard tokens, such as devices with built-in OTP generators.
JG: Is a cloud service provider better at IT security than on-premise businesses?
GW: Cloud datacenters are useful when they do not have access to customer information. There have been many datacenter breaches recently. With that said, they do add good value and enable companies' access to technology that a smaller firm would generally not be able to afford.
JG: How does security differ between Fortune 500 and small companies?
PS: Large organizations have access to anomaly detection tools that are priced out of a small business's security budget.
GW: Larger organizations have far more breach points and databases, which make them more attractive to hackers. Based on the recent Verizon report, larger organizations were breached just as easily as smaller ones.
JG: Are we losing the arms race in cyberattacks to hackers, China, and Eastern European countries?
GW: Data breaches and identity have surpassed drug trafficking (for the second year in a row). Many analysts have said that the costs now exceed two trillion dollars a year, with the majority of all breaches initiated outside the U.S.
JG: What are the vulnerabilities that hackers like to exploit?
PS: A hacktivist's goal is to bring awareness to an issue, but in the process they end up doing more harm than good. A cyber-criminal's goal is to monetize what they steal. Both have shifted their tactics from technical, as defenses have improved, to an exploit that can never be patched: that of human curiosity.
GW: Additionally, hackers like to exploit anti-virus software, browsers, social networking websites, servers (SQL Injections), and humans.
JG: What's being done to solve these problems from an IT Security point?
GW: Out-of-Band Authentication is now one of the leading methods to prevent unwanted access; keystroke encryption protects data, better IPS's & IDS's.
JG: Why aren't American businesses more up to speed with online security threats?
GW: Companies are trying to get better, but the big issue is cost. However, the real driver is compliance. We need to do a better job of enforcing regulations.
PS: The prevailing attitude among some smaller firms is if companies like RSA and Sony got breached, then what chance do we have. Security has to be a part of the corporate culture from the top down. It cannot be passed off to the IT department.
JG: What's your number one recommendation for firms to secure sensitive data?
PS: Segregate and isolate it from web facing computers. That's harder to do now with so many mobile devices and people's need to work away from the office. Encryption of the files and keystrokes is a major step in securing the sensitive data from prying eyes and keyloggers.
James O. Grundvig is a writer and columnist residing in New York.