Today’s businesses are facing new kinds of threats, not physical ones but those that attack through the Web.
Hackers have focused on the private sector, using technology to commit espionage against companies of all sizes, gaining access to secrets from U.S. businesses to leverage a competitive advantage.
“This has created a very real cyber war zone. It’s no longer just a hacker nuisance,” says Pervez Delawalla, president and CEO of Net2EZ.
Smart Business spoke with Delawalla about the tools that companies can use to combat the very serious threat of a cyber breach.
What types of threats do businesses face?
Companies face a range of threats. For example, business identity theft can lead to a breach where credits can be issued or obtained under a business’s unique identity. Or a company’s trade secrets could be compromised through leaks in its cyber security.
If a hacker wants to get information about a company, the first thing he or she will do is look for personal information about its CEO, which could be available on networking and social media websites, and also by gaining access to the CEO’s personal computers. These multilevel and multithreaded attacks are very precise. Whereas previously, cyber attacks could be compared to carpet bombing, they’re now more like precision missile strikes.
What aspects of a business are most at risk?
Financial data are most at risk in the private sector, as this information is very useful and profitable for groups to exploit and sell. The second most at-risk area is business secrets, which are stolen and used to gain a competitive advantage against companies.
How can a company reduce the risk of cyber threats?
Companies should inventory their most sensitive information, that which gives them a competitive edge, and protect it. Traditional intrusion detection and prevention systems, such as firewalls, should be put in place as a first line of defense, but they aren’t completely effective.
To protect extremely sensitive data, companies can hire a security team to monitor and protect their systems around the clock. Businesses can outsource their cyber security and consult with experts to determine what layers of security can be put in place to protect their customer and financial data, as well as their trade secrets.
How are these security systems implemented?
A consultant will look at the data a company maintains and interview its officers to determine how data is prioritized. After the initial discovery sessions, systems will be put in place to see who is accessing what data, where data flows, who has what access level and the patterns of access to determine a security platform that makes the most sense for that particular company.
Initially, the cyber security team will monitor data flow and access for a period of time to build a history and understand what could be considered normal patterns of behavior. This history will then be used to make a strategic security plan.
Once in place, the security team actively monitors cyber behavior. If or when an anomaly occurs, it’s immediately stopped and investigated by the security team in order to find out more about it and defend against it.
There’s a lot more discovery involved in the security consulting process today because of the many networks and extremely large data pools that even a single company can have in place. Also, there is the need to look at these networks and data access actively and have people monitoring it constantly, rather than passively putting a firewall in place and then expecting that it will keep all of a company’s most valuable information safe.
Pervez Delawalla is president and CEO of Net2EZ. Reach him at (310) 426-6700 or [email protected]
Insights Technology is brought to you by Net2EZ