Headlines such as "Preparing for the Future Cyber Warfare" continue to be published. The harsh reality is that there is documented evidence that we are in the midst of a cyber war now, and have been for years. This should not be confused with the compounding threats of cyber espionage and cyber crime. All of them are at the front door of your network, actively testing your security to see how they can exploit your organization.
Let's look at events that are close behind us as a reminder of where we have been and where we are going. In 2012 / 2013 hackers put Wall Street on notice with DDoS attacks, security breaches, theft of highly sensitive M&A deal information, and more. In 2013 / 2014 the retail industry became a significant area of focus, with companies like Target and Home Depot having the highest visibility. 2015 kicked off with an all-out skirmish of cyber attacks across the internet following the early January attack on the office of the French magazine Charlie Hebdo, followed shortly thereafter by a strong refocusing of hackers' efforts back on the US banking industry.
With the heat rising on the global geopolitical front, it's anyone's guess where the remainder of the year will take us. One thing is certain: even though there are no clear lines in the sand defining or declaring a cyber war, American corporations and governments have been fighting battles on all fronts (foreign nations, cyber criminals, and competitors). Most important to accept is that it's not going away anytime soon, and that each and every corporation and government entity, including the municipal, county and state levels, needs to step up its game and invest in proper defenses, which includes the education and skills development of its employees.
In 2014 the SEC launched investigations into the due diligence associated with data breaches. Following this, we saw senior business and technology executives stepping down while their companies remained under investigation. This underscored a significant paradigm shift, making information security due diligence the new business imperative.
The one thing we all agree on is that the volume and impact of hacking is increasing at a rate we are challenged to manage adequately using conventional approaches. Because of this, we also agree that continuing to do things the way we have been will likely yield the same undesirable results (organizations getting hacked). That is why progressive companies are embracing and implementing ISO 27001 and other information management and security standards as a holistic approach to managing due diligence within their organizations and their outsourced partners.