You will be attacked!
A battle that you cannot see is directed at your data.
Knowledge is power, and your data is even more powerful. Be it governmental, corporate, or personal databases, if your data is taken without your consent, it can ruin you reputation, your business, your personal finances, and your confidence in your government and banking system.
Wikileaks posted numerous Hillary Clinton emails, which shows clear evidence of a data breach. The Internal Revenue Service has reported that it has been hacked and the Democratic National Committee has been hacked. More recently, registration systems have been penetrated in Arizona and Illinois.
What is going on?
The tactics are clear to me.
Key information systems are being probed and penetrated on a regular basis. The attacks are aimed at targets that will produce maximum news coverage and at the same time undermine public confidence. The attacks also correlate to current events to achieve maximum impact.
From our standpoint, the attacks are coming from a wide range of sources. These include state-sponsored efforts such as the People’s Republic of China and Russia.
We have morphed from human espionage operatives to cyber espionage within the realm of the World Wide Web.
More importantly, these attacks represent a proving ground for conceptual battle tactics rivaling a Tom Clancy novel. The net outcome is the successful penetration of larger, conspicuous, and more sophisticated targets.
The cyber research collected at our expense is putting tactical arrows in criminals’ quivers, and will potentially unleash a frightening future using servers positioned all across the virtual landscape. With this stolen information cyber criminals can plan to disrupt an industry, system, region, or government with only cyber-shots being fired.
What can we do?
The assumption here, as the title of this blog states, is that you will be attacked.
Start preparing now!
Your organization must determine your vulnerabilities. Penetration testing isn’t enough. Monitor your enterprise and the movement of data, and the type of access behaviors.
Encrypt and compartmentalize your data. Minimize your bank’s value as a target.
And do not keep the encryption keys online!
In other words, even if cyber criminals get in, make sure they won’t get much.
Constantly change your security parameters and your associated access controls. The longer you stand still the greater the chance you will be identified, successfully probed, and ultimately compromised.
Our research at The Copper River Group indicates that identity theft and large databases are the target.
Food for thought: If you hear an explosion, the one thing you should realize is the damage has already been done! It is too late to protect yourself. It is too late, the data is gone, and so are the perpetrators … while you are left with the damage.
Start protecting your data now—don’t wait until the explosion!