You might be next: Data breaches

Illena Armstrong, VP, editorial, SC Magazine
We've seen a tsunami of data breaches crashing over numerous large corporations lately, from Sony's PlayStation Network and Google to Epsilon and, most recently, Citibank and the International Monetary Fund. It seems cybercriminals have been mighty active these last few months.

What such activity may indicate is anyone's guess. And, there are plenty of industry folks looking to predict just who might be in the path of this still raging wave of online criminal activity, or just what types of information could be compromised next.

My thought: Pretty much everyone is a potential victim.

That's obvious, right? Most institutions have proprietary information or customer data that is certainly desirable to cybercriminals. Still, there are companies and government agencies that seem to be targeted more than most.
Those leading the pack of most desirable prey include financial services companies like Citibank, customer data-driven organizations such as Epsilon, government contractors like Lockheed Martin, or three-letter federal agencies that have lots of juicy classified documentation for which the risk of getting caught is worth taking. Even longstanding security organizations, such as EMC's RSA division, have become likable quarry for hackers given that their solutions underpin the security programs of countless critical infrastructure companies (e.g., Lockheed and leading banks). In fact, that these well-heeled IT security companies have seen little in the way of large, publicized breaches is, really, a bit surprising.

So, in reviewing today's cybercrime landscape, no organization – government or private, big or small – is immune.
That's what makes the fact that Sony had no CISO in place prior to becoming the whipping boy for cybercriminal groups such a shock. Maybe I'm naïve, but I simply would have thought that a publicly traded, multinational conglomerate with total assets in the billions already would have had an information security lead. Instead, Sony was prompted to hire a CISO only after the loss of data of millions of customers, not to mention loads of bad press about its seemingly bungling reaction to multiple breaches.

And while most pros would agree with Executive Deputy President Kazuo Hirai's comments that “no system is 100 percent safe,” its various networks being victimized by hackers in quick succession underscores just how lax its corporate security practices have been. Hirai acknowledged as a “realization” that his company, the world's fifth largest media conglomerate, must undertake “constant monitoring and constant vigilance.” From my perspective, though, to have that realization after experiencing multiple breaches and counting is unacceptable.

As the company strives to rebuild both the integrity of its various systems and its reputation, other organizations are taking notice. According to Intel CISO Malcolm Harkins, who was recently quoted in a BankInfoSecurity.com news item, the many breaches that have prompted Sony to take some steady steps to restore its company name and IT infrastructures are reminders to other sectors' information security leaders that they are potential foils for cybercrime groups. All the risks they face, therefore, must be managed diligently. And, as part of these deeply considered and well-planned mitigation efforts, both CISOs and their executive leaders must concede they eventually will see their infrastructures compromised.

Core to this long-existing reality, of course, is having a knowledgeable, tireless and resolute CISO on your payroll in the first place.