No argument here: all these complex perimeter challenges facing security professionals today are painfully real. And putting up your best defensive fight is entirely necessary. Organizations take huge steps to harden themselves at the perimeter. And the expression "defense in depth" remains a popular battle cry for many a security director.
But while everyone is busy building the next best defensive strategy against the next-generation attacks, something else is going on.
As more and more organizations open their systems to employees, customers and other businesses via the internet, there’s a whole other menace in the form of online identity theft, counterfeit product sales, information leaks — online threats and fraud purposefully eating away at company revenue and customer trust.
Reports of information leaks by unethical employees are on the rise as blogs grow in number and influence. Left unchecked, these leaks rapidly wreak havoc on a company’s good name and, ultimately, the bottom line. There’s an unsettling increase in customer diversion schemes as predators exploit successful paid placement advertising models in search engines. Variations of malware aimed at defrauding consumers are growing. Sales of counterfeit goods and gray-market products online are having a huge impact. And there’s more. Keylogging is a dangerous criminal activity that can put your information one step away from a full-scale breach.
Fact is, no amount of defensive gear alone — no matter how good — can keep your information and your information assets safe when it comes to the internet.
Organizations need a strong, ongoing offensive game plan, and that starts with meeting criminals head-on where they live and breathe: the internet.
A few basic strategies can make the difference between stopping online fraud in its tracks and being the next victim of a devastating financial blow, or worse.
As the internet expands, criminals are finding it easier and easier to hide in plain sight. The latest, most successful bogus sites look incredibly authentic. Seemingly legitimate email is sent to our inboxes for the purposes of infecting our computers with malicious software that will later be used by organized criminals for their financial gain. Rather than lurking in a dark underworld of the internet, today’s sophisticated online fraudsters are quite comfortable conducting their business right under your nose.
Rather than sit back and wait for them to strike, organizations must meet them in their own habitat, with a solid, proactive, offensive strategy capable of stopping damage before it occurs.
The first offensive move is to have a well-thought-out strategy to understand online threats. In this way, companies get intelligence on the "visible" internet, as well as blogs, message boards, junk email, and online auctions.
Your strategy also must include mechanisms that signal the most important alerts so you’re in the best position to take action.
To make things even trickier, online risks are extending beyond information security and evolving to combine both cyber and physical security. Many a corporate executive has found his or her home address, travel itinerary or phone number being freely exchanged between individuals who, armed with this information, can pose a serious safety risk.
While CSOs will continue to have their hands full with the latest distributed denial-of-service attacks, worms and viruses, it’s only a matter of time before online predators set their sights on your organization — and no firewall will be able to protect you and your customers. Having the right proactive process in place can ensure you’re not a sitting duck.
- Todd Bransford is vice president, marketing for Cyveillance, Inc.