Security and the Frightening War for Your Information

Security aComputer mouse tanks represent the war for your information.nd the Frightening War for Your Information

In the early morning hours of September 6, 2007, a sophisticated computer hacking attack reportedly knocked out Syria’s military radar system, allowing Israeli jets to slip in undetected and bomb a Syrian nuclear facility suspected of producing weapons grade uranium.

This past summer, consumers and businesses in Great Britain lost more than $1 million after their computers were quietly infected with a Trojan that stole their bank account login information. That information was then used for illegal transactions. In one financial institution alone, about 3,000 accounts were compromised.

On September 24, 2010, Reuters reported that the Stuxnet worm, which has infected thousands of computers worldwide, was specifically designed to attack Siemens AG industrial control systems used at Iran’s first nuclear power plant. Malware experts have concluded that only a state could have created a virus of such sophistication.

Make no mistake. Information security is no joke. If your organization depends on sensitive, confidential or secret information to do its job, that information and your organization are at risk.

 

Increasing Attacks
The number of information security incidents that threaten to compromise information and systems is growing at a frightening pace. According to a General Accounting Office (GAO) analysis the number of cyber attacks against federal agencies rose from 5,503 incidents in 2006 to 16,843 in 2008, an increase of more than 200%.

 FederalSecurityIncident06To08.gif

 

The Nature of the Beast
While most of the public’s attention is focused on the latest virus, or Trojan, the battle lines in this information war are not being drawn by the malware of the week, but rather by the black-hat hacker who creates them.

The typical hacker is not some whiz kid teenager pulling a prank. These are talented professionals motivated by money or patriotism to steal data and disrupt information systems.  

"Modern malware is merely a tool - and only one of many - used by cybercriminals to carry out their attacks," notes Mary Landesman, Senior Security Researcher at ScanSafe. In ScanSafe's annual security report, Landesman explains further that "To approach today’s security challenges as a malware problem is to completely miss the bigger picture – it is a criminally run sophisticated e-business network intent on gathering intellectual and corporate assets. It is not simply a malware problem per se; it is a large scale cyber-espionage assault and all countries are being adversely impacted."

Indeed, the sale of malware is a growing international industry, complete with source suppliers and middle-men, who brag about their dependability and even provide support to their clients. Then there are the buyers, who purchase and use the malware in an attempt to steal information.

The National Institute of Standards and Technology (NIST) put it this way in one of their security publications (SP 800-37), “Cyber attacks on information systems today are often aggressive, disciplined, well-organized, well-funded, and in a growing number of documented cases, very sophisticated.”

 

The First Line of Defense
Whether the attacks are state-sponsored or launched by an organized crime syndicate, the point is that the battle for your information is being initiated by smart motivated people, and you need smart motivated people on your side to counter them.

The first step is to understand that security of your information and information systems must be taken seriously. You should consult with a certified security professional who can guide you through the steps to develop and implement a formal security plan to secure your data and protect your operations.