 | Issue: | North America I 2015 |
| Article no.: | 8 | |
| Topic: | Protecting our nation against cyber attacks: Vital needs to protect consumers, companies and critical infrastructure | |
| Author: | Chris Doggett | |
| Title: | Managing Director, Kaspersky Lab, North America | |
| Organisation: | Kaspersky | |
| PDF size: | 384KB |
About author
As Managing Director, Kaspersky Lab North America, Chris Doggett is for responsible for the company’s sales, marketing, and business development functions and for achieving the company’s objectives for growth in market share and profitability. Chris also has shared management oversight and responsibility for the public relations, customer support, finance, human resources and information technology functions.
Chris brings more than a decade of sales, marketing and operational experience in the information security market to the company. Prior to his role as Managing Director, Chris was the Senior Vice President of Corporate Sales, Kaspersky Lab North America, during which time he was responsible for increasing market share throughout the region. Prior to joining Kaspersky Lab in 2012, Chris was the global channel sales leader at Sophos.
Article abstract
In his address to the nation, President Obama said that: “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families” and while I couldn’t agree more, that statement begs the question ”When are we going to take real action to prevent this from being possible?.”
Full Article
On January 20, 2015, President Obama gave his State of the Union address and for the first time cybersecurity was a key topic. The President called for strengthening cybersecurity and privacy protection, highlighting the fact that these are increasingly important issues that Americans face each day. That couldn’t be more true with the recent attacks of such prominent targets as Sony, Target, Anthem and more. According to research from the Ponemon Institute, in the case of the Target breach, 40 million credit and debit cards and 70 million records were stolen, including data such as customers’ name, address, email address and phone number. In the case of other “mega breaches” such as Home Depot for example, 56 million unique payment cards were affected and in the case of eBay, 145 million people were affected.
The effects of cybercrime on corporations are just as damaging as they are to consumers. Various research studies have shown that between the gains to cybercriminals and the costs to companies for recovery and defense, the likely annual cost to the global economy from cybercrime is now hundreds of billions of dollars.
CISOs are taking notice of the recent increase in data breaches. Forrester research shows that over the past two years, security spending as a percentage of the total IT budget rose across most industries. The more significant increases came between 2012 and 2013, with an average increase across all industries reaching more than 50 percent. The following year showed a more moderate but still very respectable increase. Budgets for all industries grew between 2012 and 2014 by about 80 percent. Especially with regard to 2014 – a watershed year for cybercrime – companies of all sizes are now placing bigger emphasis on cybersecurity, and budgets are increasing accordingly.
What could potentially be the most damaging types of cyber attacks to our nation are those on critical infrastructure, such as power grids, transportation networks and communication systems. An attack on these vital systems could have a debilitating impact on security, and even public health and safety. There are real concerns that cybercriminals will begin to increase their focus on these types of attacks. Our government has a responsibility to play an important role in reducing the vulnerabilities in our critical infrastructure.
It’s clear from looking at the research – and regularly demonstrated in media coverage of large data breaches – that we are all too vulnerable to cyber attacks that could seriously impact not only consumers and businesses, but critical infrastructure as well, crippling our economy – or worse. In his address to the nation, President Obama said that: “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families” and while I couldn’t agree more, that statement begs the question ”When are we going to take real action to prevent this from being possible?” Today cyber attacks can endanger our country and our liberty — we are simply far too vulnerable right now. Our government has a responsibility to help protect us from them, and we know how to do it.
The basis for better addressing this need begins with sharing intelligence on cyber threats and cyber attacks. Today, far too much of this information is in silos in both the private and public sectors. We need to develop a common framework to share such information so that each branch of government, all industry sectors and all organizations can protect themselves. Furthermore, such information sharing has to be a two-way street: private sector to government, and sometimes government to private sector. When organizations discover attacks that are happening, there needs to be a way to effectively share key diagnostic information, including indications of compromise, methods and tactics, and identifying information about the sources of attacks and who they are targeting.
Currently, the variation of reporting requirements in the event of a data theft incident that exists from state-to-state result in a difficult and burdensome – and in some cases, unclear – process for companies to both determine which actions they should take, and to execute notifications to affected individuals. This expensive, inaccurate and untimely process does not best serve the interests of the affected consumers or the companies who are victims of such attacks. The creation of a common, national set of standards which mandate reporting to consumers the disclosure of their personal information when breaches occur is a logical and pragmatic advancement in the fight against cybercrime.
How does effective information sharing benefit consumers and companies? Sharing diagnostic information – information that aids others in the rapid detection of attack activity – is vital and should include inter-industry groups, vendors and solution providers in the cybersecurity industry and with law enforcement agencies. If shared effectively and efficiently, businesses that are potential victims can better protect themselves (both proactively and reactively) with this information. Companies in the cybersecurity field and their customers can benefit from information sharing as it allows those companies to more rapidly respond to new threats and attacks, and to provide more effective solutions for their customers. Governments can use information to better protect critical infrastructure, better ensure national security and increase the efficacy of law enforcement. As it is, too much vital information which could be used to prevent attacks is not used effectively due in part of ineffective information sharing. This is a weak area that must be addressed if we are to better arm ourselves and our nation against cyber attacks.
Cyber-threats are becoming a legitimate risk to consumers and businesses, but also the systems that are the backbone of our nation – critical infrastructure. The increase in cyber attacks we’ve seen in 2014 served as a wake-up call that our systems are fundamentally insecure, and that’s evident in the President’s proposal to create legislation to help strengthen cybersecurity. But more needs to be done: cybersecurity information sharing and common standards for reporting attacks are essential for defending against attacks. We’ll never be fully secure, but at least we can take steps to help defend our nation, consumers and businesses alike from the damages of cyber attacks.
