Better Safe than Sorry When it Comes to Security

by Salvatore Sparace

On July 9th The New York Times reported, “Chinese hackers in March were able to compromise the US Government’s network that houses the Office of Personnel Management Database. They appeared to be targeting files on tens of thousands of applicants for security clearances.” The report traveled quickly across the major news outlets with officials unable to comment on the extent of the act.

Cyber-attacks against our nation’s government occur nearly on a daily basis. Since we are such a target, leaders have increased federal involvement in protecting the nation’s privately-owned critical infrastructure. And in 2010, the Administration tasked the Department of Homeland Security to lead the federal government’s efforts to secure its own computers. The journey revealed that some of the most alarming weaknesses were dangerously close to home.

The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure report released in February of 2014 stated, “Eleven servers checked by the Office of the Inspector General (OIG) last year had no password protections or default/weak passwords, meaning an attacker could gain access to the systems, and could use them to attack other systems on the Department’s network. One of the unprotected machines the OIG found was a payroll server, which was configured to allow remote access to anyone, without a username or password.” Other vulnerabilities included numerous anti-virus software updates that had not yet been installed. This just goes to show that even the most sophisticated organizations need to stay vigilant when it comes to security.

The Ponemon Institute released its 2014 Cost of Data Breach: Global Analysis earlier this year in May. According to the findings, “Throughout the world, companies are finding that data breaches have become as common as a cold but far more expensive to treat.“

The report shows that most companies had to spend more on their investigations, notification, and response when their sensitive and confidential information was lost or stolen. As revealed in report, the average cost to a company was $3.5 million in US dollars and 15% more than what it cost last year. US companies had the highest costs at $195 per record. There was some good news: the research reveals that having business continuity management involved in the remediation of the breach can reduce the cost by an average of $8.98 per compromised record.

With the number of cyber threats increasing at an alarming rate, we encourage our customers to take a more active role in information security awareness. We reinforce the need for forming, as well as following, diligent security best practices. For example:

• Revisiting user training and awareness regularly
• Utilizing mechanisms for intrusion detection/prevention systems
• Network traffic monitoring
• Periodic log audits
• Adhering to compliancy guidelines when applicable

In addition, everyone should re-evaluate their own acceptable level of risk. Make sure you know the answers to questions such as “What type of data is on my network?” “What damage or loss could the organization suffer if it’s compromised?” “What level of effort will be endorsed to protect data?”

Of course, the next evaluation is the costs associated with a loss, such as:

• Conducting investigations
• Organizing the incident response team
• Public relations outreach
• Audit and consulting services
• Legal services
• Lost customer business
• New customer acquisition

The experts at PC Connection believe you can absolutely take measures to protect your organization and minimize risk. Even the most secure networks can be compromised. By taking a neutral or not participative stance in information security, an organization is almost assuredly going to run into serious pitfalls down the road. Better to be safe than sorry.