April 1st, 2015 by admin
You probably know President Obama recently hosted a high-profile cyber-security summit at Stanford. The basic idea was to discuss how to expand the federal government's role in combating cybercrime against American businesses—from simple theft to outright corporate terrorism.
As you'd expect, most of the local tech giants were represented—Apple, Google, Intel, Microsoft, and Yahoo, among others. Our invitation was evidently “lost in the mail.” But had we been there, I would have told the President that our government's power to combat internationally-based cybercrime is actually quite limited—about as effective as playing a carnival "Whack-A-Mole" game.
Obama's summit was another classic case of the government trying to promise more than it can possibly deliver. As long as unscrupulous hackers lurk in every corner of the world, the ugly reality is that cybercrime is here to stay. If the government can't stop it at its source, it's up to you to protect yourself and your business from inevitable cyber-attacks.
Many Small Business Clients, Same Pattern of Security Lapses
Part of our business here at MPA Networks is conducting technology assessments for small companies throughout the Bay Area—law firms, financial services, real estate management, and other businesses. For every company we assessed this past year, we routinely uncovered the same glaring security lapses:
Anti-virus software was not installed on 100% of the firm's computers.
Where anti-virus software was installed, it often wasn't updated regularly to include the latest virus signatures—particularly newly-released "zero day" viruses which can spread through cyberspace like wildfire before they're detectable and containable.
No automated system was in place to download and install critical, updated manufacturer security patches—leaving servers, workstations, and laptops vulnerable to the latest viruses and malware.
The firm's firewall was inadequate—or simply wasn't properly set—to block employee access to malicious websites (a common tactic delivered via links in email spam).
When we present our findings to each firm's management, we usually get the same response: "We thought we were covered." Unfortunately, as the old saying goes, a chain is only as strong as its weakest link.
A single unprotected computer invites disaster for your entire business.
"Not Rocket Science": Hacking Is Hacking
The major corporate security breaches grab the headlines—Target, Home Depot, Sony—but they're hardly the result of "sophisticated cyber-attacks" as described by the news media. It's usually just a determined foreign hacker who relentlessly probes a company's network until they're lucky enough to find an exposed weak spot.
The nuts-and-bolts structure of a small business's computer system isn't very different from a Fortune 500 corporation's, yet it's relatively easier to defend, with fewer moving parts and fewer "open windows" for a hacker to infiltrate. There's no new "magic bullet" the government can offer to fend off cyber-attacks; it's about businesses re-dedicating themselves to effective protective measures that have already existed for years.
Just as government regulations can't prevent you from leaving your house unlocked or your keys in the car, the responsibility of protecting your business's computer network from cyber-crooks will always lie squarely with you. It's just common sense.
So let’s get the word out and keep our doors locked...
Michael Price, President, MPA Networks
Posted in: Cyber and Data Security