Information Insecurity
In a connected world, every organization is at risk. Here are some of the tools that can help keep companies protected.
Bartholomew Cooke
Print
E-mail“The best of the best can be attacked,” says Mike McConnell, vice chairman of Booz Allen Hamilton Holding Corp. (NYSE: BAH). Having served as director of the U.S. National Security Agency (1992-1996) and as director of National Intelligence (2007-2009), McConnell knows. “I’ve been beating the cyber-security drum for a long time, and as much success as we’ve had, much more needs to be done.”
From his spacious office on the top floor of a 13-story office building along the Dulles Technology Corridor in northern Virginia, McConnell enjoys a spectacular view of the Blue Ridge Mountains on the western horizon. But he’s more focused on what lies just outside his window, an area through which 57 percent of Internet traffic passes because of the density of telecommunications and satellite companies.
Industry experts warn that the explosive growth in cyberspace has not been accompanied by similar vigilance in security. General Keith Alexander, director of the National Security Agency and commander of U.S. Cyber Command, estimates U.S. intellectual property losses online at a trillion dollars, or “the largest wealth transfer in history.” And those losses could escalate as the means of accessing online data have become nearly ubiquitous.
LEARN HOW IMPERVA PROTECTS DATA IN THE CLOUD
The Virtual Safe
Imperva Inc. (NYSE: IMPV), a provider of data-security solutions, says that online hacking has been “industrialized,” leading to a commodity market of stolen data. “Hackers are selling credit-card numbers in packs of hundreds and thousands, and you can get a number for as low as a few cents,” says Amichai Shulman, the company’s CTO. “Organizations are only beginning to realize this is a problem.”
Mark Rasch, director of cyber-security and privacy consulting at IT and business services company Computer Sciences Corp. (NYSE: CSC), notes that the exponential growth of online data, combined with “increasingly sophisticated attack vectors,” has created a need for constant vigilance on “critical, interconnected and mobile computing platforms.” That means downloading patches, updating software and maintaining firewalls; developing governance policies and training employees about those policies; and implementing basic defenses such as intrusion detection and software monitoring. “Security, if done properly, is a technology that enables and enhances the mission,” says Rasch. “As organizations move to the cloud, there is an opportunity to really get it right from a security perspective from the outset.”
The Threats
What keeps cyber-security experts up at night? “The human being is the weakest link in the security chain,” says Zal Azmi, a former CIO with the Justice Department and the FBI who is now a senior vice president at CACI International Inc. (NYSE: CACI), a company that provides professional services and information technology to government agencies. “Rogue elements exist everywhere, and you can’t know what their motives are. You hire great people and run them through security, but somewhere along the line they decide to do something foolish,” says Azmi, who directs CACI’s cyber-security operations. As WikiLeaks’ publication of classified State Department documents made clear, a rogue insider can render security precautions meaningless.
CACI is working toward “tagging” files with metadata, “so if somebody copies a classified file and it shows up on the Internet, we will be able to immediately track it based on the metadata and determine how that classified information got into a nonclassified environment,” says Azmi. The idea is simple: If an insider knows that a stolen document can be tracked, he or she will be less likely to steal it.
