Learning the Hard Way:
Cybercrime is dealing a crushing blow to companies, governments and citizens. Over 552 million identities were exposed in breaches last year, and the cost was estimated to be a trillion dollars in the U.S. alone. Cyber-attacks are expensive in more ways than one: consultants and security experts to patch up the breach, lost profits, damage to reputation, business interruptions, lost opportunity costs, lost jobs, loss of sensitive business information, and expensive monitoring for future breaches. Hundreds of millions of dollars have been spent on cyber security solutions, yet billions of dollars continue to be lost along with the theft of private data. Target, Home Depot, JP Morgan, Sony, and even the US Postal Service are just a few of the recent victims of significant data breaches. There will certainly be more.
Media reports have made cybercrime, data breaches and cyberfraud appear to be inevitable, saying it’s not a matter of if, but when we see the next massive breach of private information. That shadow of inevitability is misplaced. With the right controls, criminals can be stopped from hacking into systems. The “right controls” must include two things – identity verification and assured rights management.
The Truth About Hackers:
The simple truth is that hackers enter systems disguised as an authorized user. Most cybercrime and data breaches occur via the impersonation of a valid user. They are most frequently the result of access being granted to a system via misappropriation and misuse of a valid user name and password. If hackers can’t get valid user credentials, they can be cut off at the knees.
While everyone seems intent on detecting hackers and minimizing damage, the focus instead should be on keeping criminals and users who have stolen credentials out of systems. Consumers should demand better protection of their data from the people with whom they do business, as well as their government entities.
Passwords are Not Secure:
Passwords alone offer little protection. Humans make mistakes: They lose or misplace laptops, tablets, and phones. They create too-simple passwords. They misplace their passwords. They may trust vendors with access that is easily stolen (Target). They may think they’re saving the world by exposing data (Snowden). They may even sell their credentials for profit.
Organizational insiders commit up to a third of cybercrimes. We all fear criminal hackers in a lawless country working around the clock to crack our security. But we must protect ourselves from unethical or criminal insiders, too. The human element needs to be taken out of the loop when it comes to data security. Those human mistakes can be avoided. Our technology stops the criminal from impersonating a valid user and gaining access to the system.
Containment Vs. Prevention:
Detection services aren’t adequate. You can’t fix the problem when the data has already been breached. Hackers are relentless and will find entry into systems that don’t have adequate controls. Patchwork fixes to stop the flood of data breaches are useless; only systemic change will be effective. More money is being spent on patchwork fixes than the actual loss from theft.
The current cyber security establishment is focused on the treatment rather than the cure of cybercrime.