Perspectives on improving defense against cyber attacks

8 avril 2013

With so many businesses relying on the internet for productivity, email hacking or any other type of cybercrime can be a devastating event. An unfortunate trend, but malware is clearly becoming more prevalent, targeted and sophisticated. David Raths of Campus Security spoke with security experts to highlight how to improve defenses against these threats.

He first talked to Fred Cate, a law professor and director of Indiana University's Center for Applied Cybersecurity Research and Institute for Information Policy Research, who said his organization first had two small data breaches a decade ago which got the attention of the school. This led to greater emphasis on security, as Cate said that it needs to be moved up the governance chain.

"As in the corporate world, it is ironic that if you suffer an attack, that makes it much easier to get resources for security," he told Raths, "And if someone else is attacked, the closer geographically and the more the victim looks like you, the more impact it has."

Know the enemy
Another expert, Andrew Howard, a Georgia Tech Research Institute research scientist, said organizations must know who their enemies are, as being able to identify who is attacking can allow businesses to better figure out how to stop the attack in its tracks and lessen the effect of it. Howard said since figuring out where attacks are coming from, they have seen a 97 percent reduction in compromises.

In another report, National Security Agency analyst Tony Sager expressed that when defending against cybercrime, companies have to know their enemy and their skill level. This means they should know the technology that is out there and what kind of effect it can have, as treating hackers as though they are unable to be stopped leaves a company defenseless.

"Your goal is not to build the perfect defense, but to interrupt him," he said, according to the news source. If the company can block the attack for long enough, recovery becomes much easier and attention can quickly be turned elsewhere. Email hacking can be dangerous for a business, but it doesn't have to completely stop what a company does.

Vous utilisez Postini? Pourquoi la sécurité offerte par un fournisseur d'applications dans le cloud peut s'avérer insuffisante