Westchester Guardian

Page 4


Community Section

THURSDAY, January 12, 2012

CYBER SECURITY MATTERS

Coming to a Computer Near You in 2012

By ALAN HEYMAN

Cyber crooks will target small businesses, social media attacks will be more common, and mobile security threats will reach an all-time high in 2012. This is from the Cyber Security and Information Assurance Division of Kroll, Inc., one of the largest companies in the cyber security industry. Their annual security forecast highlights major areas to be vigilant about.

The Kroll annual report states that no one is exempt from attack. Companies need to take a strategic and aggressive approach to cyber security. That applies to companies of all sizes. As a result, the security industry is growing very fast. Up until now, this was an industry of only big companies: IBM, Boeing, Raytheon, Lockheed, Northrop Grumman, etc. Since this is at the heart of the defense industry, it will be at the center of major spending in the future. There goes the US Defense budget. The end result for the everyday citizen will be better security products and services, but the downside will be maniacal disruptions to the internet passed by overzealous legislatures and the militarization of cyber space.

What to watch out for:

Small businesses are becoming the newest preferred target, especially ones that house large amounts of valuable data but lack the data security budgets of larger companies. Small businesses are weakened by postponed or overlooked upgrades and replacements; this becomes the path of least resistance for cyber crooks.

Social media use among businesses is skyrocketing, and its popularity will serve as a conduit for social engineering attacks. Crooks will develop new tactics to coerce end users into disclosing sensitive data, downloading malware (short for malicious software), or both. Companies need to combat the risks with advanced technologies, data leakage prevention, enhanced network monitoring and log file analysis.

Mobile technologies are changing and expanding at a record pace, and many companies can’t keep up with the pace to secure these devices. As a result, security threats will outstrip the prevention capabilities of many organizations. Thieves are already waiting with new scams to attack employees’ applications. “Ransomware” can take mobile devices hostage. Ransomware is hacker software that infects a device and holds it hostage until a ransom payment is delivered. Lost and stolen devices will reach new, higher levels of occurrence. Digital cameras used by medical facilities to document patient treatments are becoming attractive to thieves; with this loss of data, potential HIPAA privacy law violations will rise.

Cloud computing is also reaching new highs as many companies embrace this type of technology, as do hackers. Cloud computing is the ability to use computer services outside of your business and pay for the usage, not the hardware or software required, capitalizing on the cost savings and the ease of use. Current surveys and reports indicate that many companies are also underestimating the security due diligence required when investigating these suppliers. The projected increase in breaches in this area will highlight the need for more attention.

Targeted cyber attacks will rise dramatically. The growing trend over the past years has been toward more, and better planned and executed, breaches utilizing customized malware. Hackers will continue to maintain persistent network footholds by attacking all other devices on a company’s network, from printers to routers, since these don’t require the same level of investment by the hacker as attacking a supply chain with customized software. This will result in increasing occurrences of targeting senior executives or owners at all companies. A profile or comment on a social media platform, even by a CEO’s or owner’s son or daughter, can help hackers build an information portfolio that could be used for future cyber attacks.

Public–private relationships in security will increase as a global collaborative effort emerges to develop takedowns of hacker networks. Cybercrime has the capacity to cripple almost every aspect of commerce, from the largest corporation to the individual consumer. Similarly, the security of the US infrastructure is being called into question in disturbingly real ways. While banks, investment firms and other companies continue on the path to globalization, they become increasingly interconnected. A cyber security breach at one firm can create effects that greatly impact systemic risk in global markets. This collaboration will increase the private sector’s capacity to respond to large threats more effectively.

Increased regulatory scrutiny will require more detailed breach guidelines for companies to report incidents that result or could result in cyber attacks or a risk of compromising data. Companies overlook key vulnerabilities as regulatory compliance continues to drive organizational security. State and federal regulations will be the yardstick by which the comprehensiveness of data privacy and security is measured. We should expect to see governing agencies offer specific guidance on risk assessments and standard IT security controls. There is also a growing segment of cyber professionals who cynically see the regulatory approach, as recently expounded by the new head of the Federal Trade Commission (FTC) Enforcement Group, that “enforcement promotes compliance,” as a means for the federal and state agencies to increase their income stream and their respective power base.

Breach notification laws will gain greater traction outside the US as the US Congress struggles to reach a consensus on a federal breach notification law. While 44 states in the US have such laws in place, the idea is gaining momentum internationally. The US Securities and Exchange Commission (SEC) has recently introduced guidelines for public companies that require companies to report breach incidents.

Geolocation technology is the quintessential double-edged sword. Consumers love the convenience of innovative mobile apps and services utilizing the technology. On the other hand, the backlash against surreptitious tracking or disclosure can be swift and strong. Bills have been introduced in the US Congress for the protection of geolocation information, with privacy advocates urging businesses to adopt an opt-in or consumer consent model.

This is a very fast-moving and evolving industry; be on the lookout for more to come.

Mr. Alan Heyman, xs2ltd@gmail.com, is Managing Director of Cyber Security Auditors & Administrators LLC (CSA2) and the principal of Xanadu Security Services, LTD (XS2), located at 436 Pleasantville Rd, Briarcliff, NY 10510. His resume comprises 25 years in the data communication world, having started one of the first internet-based Electronic Data Interchange (EDI) companies in the late ’80s. CSA2 is focused on cyber security issues on a national scale, and the auditing compliance requirements in the healthcare industry. Mr. Heyman’s expertise is a holistic/best practices approach to privacy needs, encompassing legal compliance, IT engineering, software, and social engineering, with a special emphasis on computerizing audit compliance issues. He is fully certified by the IBM Internet Security Solution’s Group in all phases of IT and cyber security.

