How to defend against a Sony hack
This week's revelations about data breaches at Sony Pictures and pharmaceutical companies highlight how 2014 will go down as the year of the cyber attack.
And experts say the trend will continue. News about a major cyber attack will probably surface about once every three months, says industry research firm Gartner.
Sony Pictures and a plethora of health care firms join Target, Home Depot, JP Morgan, Neiman Marcus, eBay and P.F. Chang's on the list of firms whose corporate defenses were penetrated by hackers in the past 12 months.
'We have just seen a serious reminder of how challenging information security is, and even very large companies can fail to get it right,' said Tom Chapman, a former Navy cyber warfare commander who is now with San Diego email security firm EdgeWave.
Why the surge in cyber attacks? Experts point to more sophisticated hacking from organized criminals and foreign governments; the sheer amount of valuable data being collected, more windows into corporate networks as firms increasingly rely on the Internet to do business; and the failure to make security a top priority in some organizations.
'We are probably going to find out - in some cases in unpleasant ways - that efforts to secure commercial systems, though they've increased in recent years, haven't increased enough,' said Stephen Cobb, a security researcher at anti-virus software firm ESET.
Countermeasures likely will include more secure payment cards with computer chips, additional authentication steps to ensure a customer's identity, and segmented corporate networks that limit access to the most sensitive data.
'We have a lot of inexact tools,' said Christian Byrnes, managing vice president and security analyst with Gartner. 'But if you add them together and do a lot of other things, you can get to the point where you are relatively safe.'
Just how much damage has resulted from these breaches is unclear. For Target and Home Depot, cyber criminals gained access to credit card information for tens of millions of customers. Consumers are not responsible for bogus transactions from stolen payment cards, and retailers typically offer credit monitoring in hopes of thwarting identity theft.
But there can be significant costs to corporations. Target, for example, estimated it lost $148 million from claims placed by payment card networks alleging fraudulent charges. Its veteran chief executive resigned in May as a result of the breach. Home Depot has not pinpointed its payment claims or investigation costs.
In the recent Sony Pictures breach, attackers stole four movies yet to be released in theaters and posted them online.
'We are unfortunately going to be given - as security researchers - a case study in the amount of money you lose if your movie is released online before it is released in cinemas,' said Cobb of ESET.
The Sony Pictures hackers also launched malware that deleted data from hard drives - which led the FBI to warn corporations to be on the lookout for the data-destroying virus.
'It appears that the type of attack that occurred is probably the worst attack for an organization,' said Lance Larson, a lecturer in the Homeland Security graduate program at San Diego State University, 'because unless you have backups that are up to the second, you are going to lose data.'
Comments
Post a Comment