These days, corporate networks are as much a target for cyber crime as government, defense and security systems. The cyber security of most enterprises is being challenged constantly, and the rules are changing rapidly.
A 2011 study called cybercrime in the UK ‘endemic’, estimating its cost at £27 billion a year; the EU increased jail sentences for attacks on critical infrastructure; US President Obama announced the National Strategy for Trusted Identities in Cyberspace (NSTIC) to combat rising identity theft; and, after WikiLeaks, came a spate of cyber attacks, most of them successful. In this Short White Paper we show:
• Which data breaches are on the rise and why;
• How cyber criminals are cracking enterprise security;
• Why traditional security systems can’t stop them; and
• What cyber security protection you need today and beyond.
NEW PLAYERS: ANONYMOUS AND LULZSEC
To the hackers it may be a game, but for victims it’s serious, embarrassing and costly. Computer game giants Sony, Nintendo and Sega were hacked (Sony multiple times in various countries), Lockheed Martin and Northrop Grumman were attacked, and so were the US Senate, the IMF, PBS and Citigroup. Even security firms like RSA, Comodo and HBGary became victims, along with police and intelligence agencies like the CIA. There are almost too many to name, but this list from CNET is a useful summary: http://tiny.cc/fzyjs
Hacker group LulzSec (slang for ‘Laughing at your Security’), thought to be a spin-off from another group, Anonymous, claimed responsibility for many of these attacks. As Crikey.com wrote, ‘They’ve demonstrated just how simple it is for even inexperienced hackers to crack the sites of some of the world’s biggest companies and even law enforcement agencies, using relatively simple techniques,’ adding ‘Lulzsec’s cyber-spree always said far more about the poor security of governments and major corporations than it did about the motley band of hackers behind it.’
While hackers may still be motley bands as they were 10 years ago, today the attacks are more frequent and hit larger targets, involving far more data with far more serious consequences. The hack of Epsilon, a lesser-known company that does email marketing for better-known ones like Chase, J.P. Morgan and Citigroup, exposed the email addresses of up to 50 companies, with the likely cost to Epsilon running into the billions.
ZDNet’s security bloggers penned this gloomy footnote: ‘Enterprises are increasingly looking into cyber-attack insurance as a defense. That’s a nice fallback, but shouldn’t the first line of defense revolve around buttoning down the various holes in your Swiss cheese infrastructure?’
THE NEW GAME
According to Cisco’s CSO John Stewart, ‘the hacking industry is now so advanced that malware writers are copy-protecting their own wares and are better funded and more astute than the forces of IT security.’
The changes in the cyber security landscape are further exacerbated by changes in the IT environment:
• Increased mobility, social networking and Web2 have expanded the opportunities;
• Web-based collaboration has brought external parties inside the firewall;
• More network-connected devices have eroded the traditional ‘perimeter’; and
• Virtualization in data centers has revealed new vulnerabilities.