Professor Howard A. Schmidt, White House CyberSecurity Advisor and CEO of Information Security Forum, was speaking recently on the emerging threats created by the global economic upheaval. As businesses of all sizes expand, via the Internet, to engage with sales, production and distribution partners around the world, new threats become imminent.
Political – Espionage, previously a thing of the Cold War and Hollywood entertainment, has become a reality due to the ability of almost anyone to use the Internet to unearth and piece together confidential information on individuals, governments and corporations. What is illegal behavior in the U.S. may not be illegal in the other countries your business operates in.
Legal – Theft and misuse of other companies’ intellectual property and brand names are commonplace, and laws differ across each border. We hear about identity theft regularly on the news. Electronic evidence can now be retrieved from all sorts of communication devices and protocols between employees and the world. What you say, where you say it and how you say it must now be monitored.
Economic – Organized crime has evolved from the days of extorting storekeepers for “protection” to well-planned thefts of credit card information and kidnapping of customer hard drives via the Web. Emerging nations are using technology as a way to help their struggling economies, but in the midst of that growth, criminals exploit the rudimentary architectures and security vulnerabilities.
Socio-cultural – High unemployment has exacerbated the increase in disgruntled employees and thus creates an environment for increased employee data theft, fraud, embezzlement, corruption and risk.
Web enablement of society – As more and more devices that are part of daily life become web-enabled, the possibility of security incidents that have life-threatening impact becomes real. An example is IP-enabled pacemakers. These devices contain a radio transmitter which connects wirelessly to receiving equipment to report on the condition of the patient’s heart. Any problems are instantly reported to the doctor, and regular checkups can be done by remotely interrogating the home-based equipment. Imagine the impact on a person’s life if the network were to be compromised.
5 steps to reduce global risk
The things you can do to reduce risk in this global economy, according to Professor Schmidt, include:
- 1. Get the basics right – Identify critical and sensitive information that requires special handling and secure management. Continually re-assess your risks, identify and deploy security controls and re-examine your security function activities.
- 2. Throw out assumptions – Look beyond historical data that might say “we’ve never had a security breach” because complacency is the point where your risk grows greatest. Question your long-held beliefs about security and about the nature of threats from employees and business partners.
- 3. Plan for uncertainty – Prepare for a whole new world where wireless communication is the norm and where cyber criminals lurk in the alleys off each transmission. Develop and rehearse responses in the event of a security incident, much like disaster recovery drills.
- 4. Become a risk champion – Adapt to changes in your organization’s risks. If previous security plans were based on old technologies that have since been updated, then update your security strategy and plans as well.
- 5. Build for the future – Maintain your capabilities to respond to incidents; collaborate with others and have an end-to-end strategy.