FOCUS: A key to protecting your computer is to know thine enemies

15.0428.pc

By Robert Covington | Security breaches are big news these days. It seems like the major media outlets discovered cybersecurity immediately following the Sony data theft, and it has been big news ever since.

Covington

Covington

The problem of information security threats is not a new one however. When I was a student in college years ago, I worked in the University of Miami data center. One of my jobs was tracking down students who broke security rules. In those days, hackers were usually bright college students breaking into systems just to prove that they could. My prime suspect began his hacking career as a high school student, bringing his skills with him to college. Invariably, I would track those types of perpetrators down, and given the low concerns about computer crimes in those days, they would get off with a wrist slap, and I would be after them again a few months later.

Today, the perpetrators are more likely to be members of criminal groups, or foreign governments attempting to gain intelligence information or trade secrets. These people have almost unlimited funds, and a complete underground marketplace from which they can b the “tools” of their trade. This leaves the rest of us fighting an uphill battle with our more-limited resources.

One of the keys to beating this enemy is knowing them, and the tactics that they use. This is unfortunately a difficult task, given that the rules change daily. A major part of my work involves helping businesses to get and stay secure, and I spend an average of two hours a day, seven days a week, just reading about the latest exploits, studying the latest detection techniques, and listening to the major industry thought leaders. It is still a challenge to keep up.

And yet, keeping up is essential to success. Businesses and individuals continue to search for the information security magic bullet – a hardware device or piece of software that will protect them. But none exists. The only approach is to know the enemy, and to adjust the approach frequently to meet changes in the tactics.

IBM reported in their “2014 Cyber Security Intelligence Index” that 95 percent of all security incidents involve human error. The Target and Home Depot security breaches are both believed to have been committed using credentials stolen from a vendor. The big Anthem insurance data breach came via administrative credentials obtained using malware in a spam email. These incidents underscore the need for us all to be informed and vigilant.

So, how do those without an extra two hours keep up?   Fortunately, there are an increasing number of people like me who work to keep the world up to speed. We focus on educating the public. We do this via tweets, blogs, articles, white papers, and speaking opportunities. We do the work of digesting the intelligence, and passing it along to businesses and individuals in a form they can use.

You can make use of this intelligence by following the experts on Twitter, reading their articles, and acting on the information you read. With everyone understanding today’s threat intelligence, and adjusting their habits appropriately, human error is reduced, and an insurmountable problem suddenly becomes more manageable.

Robert Covington is president of togoCIO of Peachtree Corners.

Share