While there is an entire industry focused on how to steal information at scale, and it enjoys a decent success rate, can we really establish anything close to real security? If so, it will take the collective effort of an entire industry. Developers create about 383,000 new malware variations each day. Only 8% of incidents are identified by the firewall and network solutions. And it seems to be getting worse. Worldwide, $70 billion was spent in 2014 to prevent or stop threats, but the bad actors made at least $300 billion. Crime seems to pay a lot. Security breaches cost more than $1 trillion annually. Cybersecurity is a real market, whether you have good or bad intentions. Barriers to hacking have dropped lower than ever. China is home to 400,000 registered hackers who get health insurance and have access to the latest tools. Hackers no longer need to know how to code or hide in basements. They can find plenty of support. They have also found more efficient ways to get money for the information they receive. They can access databases for long periods of time and make money with strategies similar to those the hacked companies would use. For example, when hackers receive medical information, they can sell details of a person’s health insurance coverage, and someone else can get surgery performed under that person’s identity. The level of professionalism will probably improve even more.
Fortunately, so can countermeasures. Not long ago, all of the efforts focused on threat prevention and detection. Now, companies deploy broader strategies to protect their brands – both technological and behavioral. They won’t stop hacks completely, but some trends can help marketers against the threat.
1. Securing the supply chain is a major step toward leveling the field
Kezzler AS found a way to track and protect products at the unit level rather than the warehouse level. Clients use it to secure global supply chains and protect products from counterfeiters. Most of today’s randomized codes aren’t really random, and a hacker can identify patterns and crack them. Most of these codes are generated by relational databases. And because it is a calculator process, the data or numbers are stored in these databases, and thus can be hacked. Kezzler AS found a way to leave behind an algorithm that only activates with the right encrypted technology. Therefore, Kezzler systems can produce a secure and unique code for every unit a company has in its supply chain. A manager can find out immediately where any piece of product is, and quickly pull together all the other information related to that item. This includes a tracking memory of what units are accessed by a user device, what was requested and where the request originated.
This level of security and oversight will be very useful in the future. Companies of all types can track their product units and not worry about storing the data in a relational database that could be hacked.
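An added illustration of the point above (not Kezzler's algorithm, which this page does not describe): a patterned serial scheme whose next value follows from two samples, beside unit codes derived from a secret key with HMAC-SHA-256, which can be checked without storing every code in a database. The function names, the stride and the 96-bit tag length are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets

TAG_BYTES = 12  # 96-bit truncated MAC (assumption of this example)
ID_BYTES = 8


def weak_codes(start, count, step=7919):
    """Patterned scheme: digits look scrambled but follow a fixed stride."""
    return [f"{(start + i * step) % 10**8:08d}" for i in range(count)]


def predict_next(observed):
    """Two samples of the weak scheme are enough to infer the next code."""
    a, b = int(observed[-2]), int(observed[-1])
    return f"{(b + (b - a)) % 10**8:08d}"


def issue_code(key, unit_id):
    """Derive a 32-character code for one unit from the secret key."""
    msg = unit_id.to_bytes(ID_BYTES, "big")
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]
    return base64.b32encode(msg + tag).decode("ascii")


def verify_code(key, code):
    """Return the unit id for a genuine code, None otherwise (no lookup table)."""
    try:
        raw = base64.b32decode(code, casefold=True)
    except ValueError:  # also covers binascii.Error (bad alphabet or padding)
        return None
    if len(raw) != ID_BYTES + TAG_BYTES:
        return None
    msg, tag = raw[:ID_BYTES], raw[ID_BYTES:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]
    return int.from_bytes(msg, "big") if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    samples = weak_codes(1000, 3)  # constructed sample serials
    print("weak:", samples, "predicted third:", predict_next(samples[:2]))
    key = secrets.token_bytes(32)  # constructed key; keep the real one in an HSM/KMS
    code = issue_code(key, 42)
    forged = ("B" if code[0] == "A" else "A") + code[1:]  # altered unit id
    print("keyed:", code, "->", verify_code(key, code), "| forged ->", verify_code(key, forged))
```

With this design the secret key, not a table of issued codes, is the asset to protect, so it belongs in a hardware or managed key store with access logging.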
2. Bring your own device to work is likely a big mistake
Many IT professionals believe that their own employees are their greatest security risk. At the same time, the “bring your own device to work” trend has gone mainstream. That is a lot of increased risk, particularly in a world where more than half the content consumed goes through mobile devices.
A significant security risk was found in more than 600 million Samsung mobile devices. The flaw was in the pre-installed keyboards, which could allow an attacker to gain access to sensors and resources on the phones, including GPS, cameras and microphones. Attackers could also tamper with existing apps and secretly install new malicious ones without the user knowing. They could even eavesdrop on incoming and outgoing messages, voice calls and data. And all of this they could do from anywhere in the world. This is just an example and it is not specific to Samsung. It can occur with any mobile software or phone.
Some of the risks can be avoided by not using unsecured Wi-Fi networks. However, few employees do that reliably enough. Instead, we have to rethink the entire “bring your own device to work” trend. The average hack costs a large company almost $9 million.
3. Fragmentation is the friend of the hacker
Separate apps for every sensor, gadget or appliance multiply our security risks. Mixing work and play on our devices only boosts the potential for breaches. Software developers keep pumping out new apps without any real clarity on security standards. The lack of these standards will come back to bite us. Devices that touch the company network need to be closely monitored for the apps they contain. Hackers can insert themselves into the cracks of such fragmented markets. The lack of standards and the explosion of apps get them one step closer to our valuable information.
4. Securing our brand’s identity is as important as securing our personal identity
Scammers have figured out a way to hijack something nearly as sensitive as our data – our brand’s identity. They use it without our knowledge to take advantage of unknowing consumers. If someone steals our personal information, we get angry and do anything to stop the theft. But if someone steals our brand identity and uses it in a similar manner, we don’t get this worked up. Hackers use sub-domains on social media sites to take advantage of that brand. This way they can drive traffic to their sites to sell fake products. They will create invoices that look like vendors’ but route the money to their own accounts. They hack into your corporate credit cards and sell the information on the black market. We can protect our brands by locking up all of the domains and sub-domains for each country and for all the brands in which we invest significant capital. And we can educate our employees on how to decrease their risk, so their behavior doesn’t increase the odds of our information being accessed.
Some concrete steps to improve security in the workplace:
– Separate business and personal – don’t send business information to your home. It’s too easy to steal from your mailbox.
– Share any phishing emails with IT early.
– Report theft of any devices that you use for work.
– If a password is not required, be careful. If you access public Wi-Fi without use of a password and user ID, assume your information will be accessed and compromised.
– Improve your passwords.
– Don’t download torrent files – they are filled with malware and viruses.
– Recycle and restore devices – If you used a personal device for work, don’t sell it or throw it out. Make sure any data on it is destroyed.
5. Visualize our antagonist’s game plan and develop our own
When we launch a new product, we rely on research and insight to know exactly how to win against our competitors. A rigorous approach comparable to war is needed to protect our business intelligence. Preparation needs to start by analyzing the patterns occurring worldwide and understanding how to wage the right battles against an army of hackers who arrive at work each day to steal our information and make money with it. We can develop strategic insights by sharing information on bad actors and then developing collective and business-specific plans of action. Security companies track a lot of data, which will help us to come up with new strategies. T.K. Keanini said: “Defenders need to find hundreds of vulnerabilities and fix them all, while the attackers only need to find one. Attackers need a complete series of operations without being detected, while the defenders only need to detect them in one.”