As dangerous as it is globally opportunistic, the Internet is like a double-edged sword for organizations that do business online. Sounds kind of dramatic, but the greater your reliance on the Internet, the greater the risks. Need some evidence? Look no further than any recent victim of cyber security threats turned nightmares.
2014 got off to a rough start for one retail giant. Over the 2013 holiday season, Target was the victim of a security breach that exposed 40 million credit card numbers and the addresses, phone numbers and other personal details of an alarming 70 million customers. The breach was the result of a massive malware infection that enabled hackers to steal the sensitive data as customers swiped their credit cards inside the store. Target shelled out over $60 million in responding, got hit with more than 90 lawsuits, and saw its holiday profits drop by a whopping 46 percent.
Although the investigation is still ongoing, pointed fingers seem to suggest that what Target didn’t know about cyber security may ultimately be responsible for the breach – which brings us to our point for this post. There are countless myths surrounding the cyber security conundrum, and the ability to separate fact from fiction could play a vital role in protecting your organization.
1. Cyber Security is an IT Problem
The Real Deal: Not Necessarily
It’s easy to place the blame on technology when e-commerce platforms, websites, and other IT systems are providing a point of entry for attackers. But that’s more of a cop-out than anything. While technology plays a role, people are responsible for securing the network and its systems. It’s up to members of the security team and often upper management to define policies that keep the bad guys out. Identifying viable security technologies, as well as determining which networks, applications, data and other assets need to be protected, is usually a cross-departmental effort.
2. Tech is the Answer to Cyber Security
The Real Deal: Not the Only Answer
Tech tools are necessary and effective at protecting mission-critical systems, but they are merely one piece in what should be a complete cyber security puzzle. Companies also need to craft policies that protect the privacy and integrity of resources through strict access control. Whether it’s staff or personnel from third-party vendors, you must keep unscrupulous and dishonest people away from sensitive business data. Blended with encryption, password protection, and other proven authentication methods, tight access control is one of the most effective ways to secure informational assets.
3. Firewalls and Anti-malware Equal Bulletproof Protection
The Real Deal: Not Even Close
You can rest assured that Target is using some of the most sophisticated firewall and anti-malware technology available. This didn’t stop them from getting hit hard. Cyber criminals grow more advanced by the day and malware is just one of several weapons in their bag of tricks. We recently discussed how internet villains are using DDoS attacks to take down some of the web’s most popular websites. Firewalls and malware protection technology should be used in concert with various other tools and strategies that defend against the arsenal of threats that exist in the realm of cyberspace.
4. Only Microsoft Systems are Affected
The Real Deal: Dangerously False
Tech geeks love to blast Windows for its vulnerabilities while pumping up alternatives such as Linux and Mac OS X for being more secure by nature. While Microsoft applications have a history of security issues, any system can technically be compromised. If an employee browses their way to a rogue website and clicks on a malicious link, guess what – they’re going to trigger an infection whether they’re using a Windows PC or an Apple machine. Assuming you can roam freely across cyberspace without consequence based on OS or browser could be cause for a rude awakening.
5. Cyber Security Threats are Easy to Spot
The Real Deal: Not Always
The Target breach may be the result of a failure to react. In some cases, cyber-attacks simply go undetected. Genuine websites are regularly hijacked and laced with malicious code just waiting to compromise unsuspecting visitors. Speaking of which, you may not even know your computer is infected. Attackers could use a piece of malware to recruit your systems into an army of zombie computers, or “botnet”, that takes part in the onslaught on other computers, networks, or apps – all in stealth mode from a remote location. By the time you find out, severe damage could already have been done.
6. You’re Not Important Enough to Attack
The Real Deal: Wrong!
You don’t have to be a corporate powerhouse like Target to garner the attention of attackers. You can be a local plumbing company. A nonprofit. A solo software developer. Today’s cyber criminals are thinking outside the box. They have special tools that allow them to wander the internet and sniff out new vectors to attack. Without adequate protection, any of your connected resources can be compromised within minutes. And if you’re not careful, the data you peg as insignificant can fuel everything from fraud to full-blown identity theft.
The government is trying to step in, but for now, the internet is still an unregulated playground where digitally savvy criminals run roughshod like outlaws from the Wild Wild West. Continuous education and taking advantage of every available resource are critical in minimizing the risks.
Photo Credit: CeBIT Australia via Flickr