Why Hackers Might Already Be Inside Your Network
Anybody working in the front lines of cyber security knows that a company that has anything worth stealing has either been hacked already or already infiltrated by APT (advanced persistent threat) groups. The recent incidents with Target and Home Depot breaches only brought it to the attention of mainstream media but the problem has been a long time brewing. The defenders – rather the people on the side of security – are simply doing a poor job. Why are hackers seemingly winning the long term war? Here are a few of the most pervasive problems:
There’s No Fear of Punishment
Very few hackers that get caught actually get convicted. It’s not just a matter of legislation, it’s also because many cyber crimes happen across country boundaries, and the different jurisdictions mean that the laws sometimes don’t match up, making it hard for the authorities to persecute individuals even if a mountain of solid evidence has already been collected.
Fortunately, steps are being taken by various jurisdictions in order to cooperate on the pursuit of cyber criminals, ensuring that nobody will get away because of geographical boundaries. It may take some time, but hopefully the future is a place where people won’t be too focused on the biggest and boldest financially-motivated hackers at the cost of letting the lone teenager hacker with an equally dangerous agenda scoot by.
Poor Communication
It’s not really a case of the stereotype that IT people are poor at communication – as that ship has already sailed. People in the IT industry these days are not that different from people from other professions who have interpersonal communication as one of their skillsets. However, the problem is that most of the time, communication between the IT security department and the executives (i.e. the people with the authority to make the necessary sweeping changes needed for increased security) are poor if non-existent.
Most of the time, the IT department is siloed off from the higher ups and must coordinate with a middlemanager. Sometimes important security issues take too long to reach the people that need to know about them, and there are the more dangerous cases where the higher ups want nothing to do with IT and just delegate responsibility to a middle manager.
CEOs and CIOs That Simply Don’t Care
It can be somewhat rarer these days as many companies are tech oriented and thus require tech-oriented execs as well, but there are still CEOs and CIOs who fail to take security threats as seriously as they should. It has to do with that mindset that IT security is the sole responsibility of the IT department (disregarding the fact that the IT department usually requires authorization and input from the higher ups). Hopefully, the Target breach, which lead to $1 billion in losses and the firing of both the CEO and CIO, will make executives in various industries stand up and finally take notice.
December 2nd, 2014 at 11:12 am
[…] EFF’s findings and recommendations is especially important after Edward Snowden’s revelations, and should be taken seriously by people who value their privacy and don’t want any third party – government or not – snooping around their communications. […]