Trends Column / Security Leadership and Management

New Threats Demand New Alliances

Trends

Forget Ipads, Facebook and even the latest video game, Call of Duty-Black Ops, which sold $300 million plus in its first day, as hot companies and can’t lose businesses. They have nothing on cyber crime. At the recent Security 500 Conference, Tom Mahlik, former Section Chief for the FBI’s  Domain Section CounterMarkMtrends2 Intelligence Division, pointed out that not only are U.S. businesses and government agencies losing north of one trillion dollars from cyber crime globally (yes, about 8 percent of the U.S. economy); but that most victims are not aware of it and do little to defend against it.

Tom’s facts are backed up by the recent Security 500 Survey that identified only 20 percent of Security 500 organizations are managing cyber at the enterprise level. While many Security 500 organizations defend against cyber crime at the departmental level (within IT, R&D or brand units), it is the lack of an enterprise-wide strategy that creates easily exploited weaknesses.

Cyber is all the rage or perhaps it should be all the outrage. If your enterprise, your board, your CEO are dismissing cyber as a real threat, then your organization may be on its way out of existence. Consider the trends:

•  Kroll’s 2010 annual study on crime measured cyber losses in excess of physical theft losses for the first time in the study’s history.

 

•  The Verizon 2010 Data Breach Investigations Reportdocuments that 61 percent of cybercrimes are discovered by a third party, not by the victim. In December 2009, an exchange between the Wall Street Journaland Citibank took place in which the paper reported the FBI notified Citibank that Russian cyber criminals electronically stole tens of millions of dollars. Citibank vigorously denied the report. The Journal stood by its story. Citibank stood by its denial. Only the Russians know for sure.

 

•  A recent FBI report notes, “About one-third of all economic espionage investigations are linked to Chinese government agencies, research institutes or businesses.”

 

•  A CIA veteran wrote that other nations are becoming willing to support their own industries by acquiring competitors' intellectual property “the old-fashioned way – they will just take it.”

 

The Verizon report documents that attacks may come from anywhere. External threats are not the only ones. Internal threats from social media, thumb drives and even iPods put organizations at risk:


   External Agents                 70 percent

   Insiders                               48 percent

   Multiple Parties                  27 percent

   Business Partners            11 percent

 

As one leading CSO at the Security 500 Conference explained, “The criminals have expertise that will astound you. We used to see that the server making the attack was not in the same geography, for example, as the customer’s. And we mitigated that quickly. But now they have viruses that get past the commercially available virus scanners and run invisibly on the customer’s computer. The criminals sit and watch each character the intended victim types in. And when that cybercriminal comes to us through the customer’s computer, with the right pass codes from the right IP address and requests a transaction; our systems have to decide if we are processing a customer request or enabling a crime within nanoseconds.”

OK- You have risk! So, where do you get help?

Introducing the Intelligence and National Security Alliance (INSA) whose mission is to provide the intelligence and national security communities with a non-partisan catalyst for public-private partnerships which identify, develop and promote creative solutions through access to committed experts in and out of government.

INSA’s Chairwoman is Frances Fragos Townsend, the former Homeland Security Advisor and Assistant to President George W. Bush. Townsend’s vision for the Alliance is to bring expertise together, improve communications throughout the intelligence community and especially between public and private organizations. INSA creates an unparalleled community of experts including noted thought leaders, former NSA Secretary Mike McConnell.

INSA’s goal is to create innovative and timely solutions for the intelligence and security issues facing U.S. entities. Among its key initiatives is a centralized focus on cyber crime. INSA identifies crucial intelligence, completes strategic research and promotes innovative solutions for its members.

INSA’s Cyber Security Council Chair is Lou Von Thaer, president of General Dynamics – Advanced Information Systems. The Council engages government and industry communities in pursuit of innovative solutions and thought leadership that will improve existing cyber security policies, practices and organizations. Their goals are to both educate government officials on threats and recommend policies and programs for mitigation. INSA also helps private organizations develop a plan for self-organization and leveraging best practices. Currently, the Cyber Security Council is working to implement a public-private partnership model. 

While cyber crime is the fastest growing business in the world, it does not need to be at your expense. Visit www.insaonline.org for details about membership, upcoming events and available reports that may be helpful to your organization.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Mark McCourt

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security June 2015 issue cover

2015 June

In this June 2015 issue of SecurityIs the security director business’s new “corporate rock star?” Find out how CSOs can become the new leaders of their enterprises through mentorships, partnerships and creatively adding business value. Also, learn how security professionals are training employees in cyber security through games. And why are deterrence and detection so important when it comes to thwarting metal thieves? Find out in this issue.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive

THE SECURITY STORE

Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.