Cyberespionage Is Now a Major Political and Corporate Security Issue
Regardless of how anyone might feel about any of the presidential candidates, the one thing that became apparent to even the most casual observer this past week is just how pervasive cyberespionage now is. After all, it’s not every day that a chairwoman of a major political party is forced to resign because of emails that were allegedly stolen from a private server by Russian agents and then passed on to Wikileaks.
Cyberespionage, of course, has been a problem for years now. Earlier this year a director for the National Security Agency (NSA) testified before Congress that cyberespionage on behalf of China remains widespread. This came after a U.S. general, no less, testified way back in 2013 that trillions of dollars in intellectual property was being illicitly transferred to countries such as China. The challenge most organizations now face is that these attacks are being perpetrated by individuals who clearly have some of the most advanced hacking skills ever seen. Because they are agents of a nation state, it’s more than probable that new forms of Advanced Persistent Threats (APTs) that have yet to be discovered are being employed.
There are two things the average business executive should take away from all this. The first is that when it comes to electronic communications, there may be no such thing as private. If you are saying something that you would not want the rest of the world to one day know, it’s not advisable to put it in an email.
The second, more important issue is the pressing need to protect intellectual property. For the most part, IT organizations that try to protect everything almost always wind up protecting nothing. Organizations need to identify their more important data and concentrate the majority of their efforts on securing that data. In fact, John Riggi, managing director with BDO Consulting and former FBI Section Chief for the Cyber Division Outreach Section, says organizations should take a page from the way governments handle classified data. There may be an occasional breach of protocol, as evidenced by the use of a private email server. But for the most part, Riggi says, the government does an admirable job of securing classified data, which is handled much differently than data that is unclassified. The good news is we’re already seeing a major surge in the use of encryption being applied to data that is both at rest and in transit.
Of course, there’s still no such thing as perfect security. If an end user who has the rights in place to read encrypted data has their credentials hacked, no amount of encryption is going to matter. That data can be read by hackers pretending to be that employee. Because of this issue, an organization that encrypts data needs to be wary of becoming overly dependent on one single layer of security that, much like any other form of standalone security, can be compromised. Encryption is only really effective when it’s part of a layered security strategy that protects employee credentials.
When it comes to IT security these days, it’s not necessarily that we live in a brand new world. Rather, it’s just that more people are becoming aware of what type of world we do live in. Given the current state of IT security, however, that’s not necessarily a bad thing.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.