In late July, NBC News published a top-secret map from the National Security Agency (NSA) pinpointing more than 600 cyber assaults, allegedly conducted by the Chinese government, which targeted U.S. government agencies, critical infrastructures, corporations and private citizens. On the plus side, the map isn’t a depiction of last month’s activities, or even last year’s. Released in February 2014 for an agency briefing, the map is filled with red dots that identify attacks spanning a five-year period, per the NBC report.
Of greater concern is that every dot on the map represents a successful attempt to steal highly sensitive data, including not only corporate and military secrets but also details about America’s electrical power, Internet backbone and other critical infrastructure. Intelligence sources interviewed for the article said information stolen ranged from formulas for pharmaceutical products to details about U.S. military and civilian air traffic control systems.
While the media are having a field day talking about the leaked map and postulating what the NSA is planning next, we at InterDev are concentrating on the implications of the map for ordinary business owners. Many security experts have long maintained that governments and criminal enterprises are behind the majority of successful, large-scale attacks, and this is now an accepted fact. However, the scope, stealth and success ratio of these attacks is increasing at a rate that surprises nearly everyone.
These groups are well-funded and well-organized, and it is becoming more important every day for all organizations, large and small, to present an unyielding defense against their activities. Furthermore, attackers are moving beyond financial or personal data to corporate information not subject to compliance regulations. That makes it vital for firms to protect all their digital assets. It has been unsettling for us to discover how many companies store truly important information in a careless manner if they are not required by law to take greater precautions.
The first step for any company hoping to protect itself against these threats is to have a thorough assessment, not only of their security systems but also of where and how they store their proprietary and sensitive data. This involves the entire eco-system of data, and not just plans, schematics and other obviously valuable information. For example, email messages are often targeted in cyberattacks, specifically because employees unwittingly give away sensitive details in conversations.
As we have mentioned before, human beings are the hardest corporate asset to secure, and what is inside their heads cannot be locked down. Only the mechanisms by which they might disseminate that knowledge can be secured. It’s a task that no organization should take lightly.
To learn more about security assessments and other steps you can take to protect your firm against these unrelenting assaults, or to explore any other security-related question, feel free to email us or give us a call at 770-643-4400 (toll-free: 877-841-8069).