Tom’s facts are backed up by the recent Security 500 Survey, which found that only 20 percent of Security 500 organizations are managing cyber at the enterprise level. While many Security 500 organizations defend against cyber crime at the departmental level (within IT, R&D or brand units), it is the lack of an enterprise-wide strategy that creates easily exploited weaknesses.
Cyber is all the rage, or perhaps it should be all the outrage. If your enterprise, your board, your CEO are dismissing cyber as a real threat, then your organization may be on its way out of existence. Consider the trends:
• Kroll’s 2010 annual study on crime measured cyber losses in excess of physical theft losses for the first time in the study’s history.
• The Verizon 2010 Data Breach Investigations Report documents that 61 percent of cybercrimes are discovered by a third party, not by the victim. In December 2009, an exchange between the Wall Street Journal and Citibank took place in which the paper reported the FBI notified Citibank that Russian cyber criminals electronically stole tens of millions of dollars. Citibank vigorously denied the report. The Journal stood by its story. Citibank stood by its denial. Only the Russians know for sure.
• A recent FBI report notes, “About one-third of all economic espionage investigations are linked to Chinese government agencies, research institutes or businesses.”
• A CIA veteran wrote that other nations are becoming willing to support their own industries by acquiring competitors' intellectual property “the old-fashioned way – they will just take it.”
The Verizon report documents that attacks may come from anywhere. External threats are not the only ones. Internal threats from social media, thumb drives and even iPods put organizations at risk:
• External Agents: 70 percent
• Insiders: 48 percent
• Multiple Parties: 27 percent
• Business Partners: 11 percent
As one leading CSO at the Security 500 Conference explained, “The criminals have expertise that will astound you. We used to see that the server making the attack was not in the same geography, for example, as the customer’s. And we mitigated that quickly. But now they have viruses that get past the commercially available virus scanners and run invisibly on the customer’s computer. The criminals sit and watch each character the intended victim types in. And when that cybercriminal comes to us through the customer’s computer, with the right pass codes from the right IP address and requests a transaction, our systems have to decide if we are processing a customer request or enabling a crime within nanoseconds.”
OK, you have risk! So, where do you get help?
Introducing the Intelligence and National Security Alliance (INSA), whose mission is to provide the intelligence and national security communities with a non-partisan catalyst for public-private partnerships which identify, develop and promote creative solutions through access to committed experts in and out of government.
INSA’s Chairwoman is Frances Fragos Townsend, the former Homeland Security Advisor and Assistant to President George W. Bush. Townsend’s vision for the Alliance is to bring expertise together and improve communications throughout the intelligence community, especially between public and private organizations. INSA creates an unparalleled community of experts, including noted thought leaders such as former NSA Secretary Mike McConnell.
INSA’s goal is to create innovative and timely solutions for the intelligence and security issues facing U.S. entities. Among its key initiatives is a centralized focus on cyber crime. INSA identifies crucial intelligence, completes strategic research and promotes innovative solutions for its members.
INSA’s Cyber Security Council Chair is Lou Von Thaer, president of General Dynamics – Advanced Information Systems. The Council engages government and industry communities in pursuit of innovative solutions and thought leadership that will improve existing cyber security policies, practices and organizations. Its goals are both to educate government officials on threats and to recommend policies and programs for mitigation. INSA also helps private organizations develop a plan for self-organization and for leveraging best practices. Currently, the Cyber Security Council is working to implement a public-private partnership model.
While cyber crime is the fastest growing business in the world, it does not need to be at your expense. Visit www.insaonline.org for details about membership, upcoming events and available reports that may be helpful to your organization.