We are finally halfway through what seems to be one of the most active years in terms of cyber warfare. In the last six months we have seen a variety of industry giants fall prey to malicious attackers. Fox, Google, Lockheed Martin, HB Gary, Sony, PBS, Nintendo, CIA, RSA and the US Senate have been compromised in some way over the course of the year and with the recent addition of Sega to the list it is clear that cyber attacks are accelerating. These attacks have led to millions of customer information being leaked to the public and millions of dollars worth of damages to well known corporations. A recent tweet from 2600, the hacker quarterly, states “Hacked websites, corporate infiltration/scandal, IRC wars, new hacker groups making global headlines – the 1990s are back!” which leads us to question just how much the security scene has changed in the last 20 years.

We have to ask ourselves at some point what all these attacks mean for us.  Does it mean that we should include paranoia into our everyday lives, realizing that there is potentially someone out there, looking for a way in to our network? That there is potentially someone trying to get our information that we want kept secret and, as a result, be proactive in our attempts to remain secure?  From a corporate standpoint we need to improve our security. We need to take proactive steps to ensure that we are secure as well as have backup plans in the event we should be compromised. Our infrastructures should be designed with compromise in mind to ensure that, in the event that we are compromised, the damage will be limited. More than limiting user privileges, we also need to restrict devices from communicating with each other, networks need to be segmented and firewalls inserted to restrict access. We need to remove the barrier between technical and end users that makes the end user an obvious target for hackers. Even more than making policies however, we need to follow them. How many of successful attacks are caused by SQL vulnerabilities due to the software not being tested thoroughly due to a rush to place it in production? We live in a society where security is sacrificed to make deadlines and convenience and this is the price we pay for it.

There is a lesson in all these attacks for everyone, from the large company to the individual, to learn. If we take nothing else, realize that no organization is immune to attack and take steps to ensure our own security. As customers we need to ensure that not only are we selecting strong passwords, but also that we are using different username/password combinations every time. If a malicious user obtained your e-mail address and password from Facebook or Gmail, could he use the same credentials to log into your Amazon account to make purchases? Could he log on to your PayPal account and take your money?  As companies realize that the organizations that we are partnering with and granting access to our networks may not be secure and restrict access accordingly. Be aware of all activity taking place on your network, and all information that is being provided to individuals.

Tags: , , , ,