The Jack-in-the-box is a favorite toy for many children. The surprise or funny character springs out of nowhere and makes a child laugh and smile. For those in charge of a company’s data security, it’s déjà vu every time the virtual Jack-in-the-box pops out of nowhere in the form of a hacker or an outage, but instead of laughs and smiles, it leaves behind an aftermath of shock and dismay.
Preparing to prevent such attacks is now the never-ending task of any enterprise, with CIOs playing a significant role in slaying the trouble at the stem.
What’s what of who’s who revealed
The year was 2013. A heist of over a billion Yahoo users’ data occurred in what has been termed the biggest data breach in history. The revelation, however, didn’t come until 2016, with Yahoo asking users to change their passwords. In the nearly three-year gap between the two events, those leaked pieces of vital information had fallen into many a criminal’s memory banks.
This was apart from the breach that occurred in 2014, when nearly 500 million accounts had their information compromised via being stolen. It took two years for Yahoo to inform the world about this. This episode cost the ailing company and undermined the trust of both its customers and the market.
This happened while Verizon was trying to buy Yahoo for $4.8 billion. (That price was reduced after the breaches were made public.) Yahoo has been struggling for years — it did not innovate fast enough, it did not catch on to certain sizable trends either such as social, search, and mobile. Even so, Verizon is getting a lot here for not that much money.
Another leak that comes to mind is that of Apple’s servers, in which private data of celebrities and other individuals became public, leading to a scandal of sorts and the tarnishing of Apple’s image.
While the media’s and public attention was on the gratuitous pictures and videos of celebrities (Scarlett Johansson — don’t put naked pictures of yourself on your cellphone, not too bright!), the main issue was the stripping away of the security layers of one of the greatest tech companies on the planet, which touted its cloud storage service as one of the most secure.
These examples further stress the need for a comprehensive plan to mitigate potential leaks of sensitive information.
Where’s the scare?
The attack on enterprise data is on the rise, and hackers are increasingly using multiple channels, methods, and tools to make their efforts more effective. Companies have to keep a 360-degree vigil at all times to maintain security. According to Experian Data Breach Resolution, the following trends will be the most prevalent in 2017:
- International, nation-state cyberattacks
The tumultuous international political landscape has made enterprises, especially defense or IT related, prime targets for espionage purposes for an all-out cyberwar. Government-sponsored hackers are always looking at newer ways to penetrate the defenses of companies that hold data vital to their assault plans, or black out the services altogether. Watch the movie “BlackHat”!
Even if the attacks involve only the involved governments’ cyber assets, companies even remotely related to them will be affected. Potential damages to the system can also include leak of information belonging to employees and customers. The 2016 Jason Bourne movie comes into mind as well.
- Digital currency confiscation
Advances in technology in recent years have led to the push for digital forms of currency to replace cash. The push for a cashless economy is now circulating a lot faster than money itself, with countries like Sweden, Kenya, and India setting the stage. With the growth in digital transactions comes the growth in the number of attacks leaking from the flow of digital cash as well.
A data breach in the financial sector will mean total devastation since it’ll not be just simple text that’ll be loose. Livelihoods of many can be lost in a matter of seconds, and an entire economy can be crippled if the scale of the attack is massive enough.
- Salt on the open wound
Health care is increasingly going digital for a multitude of reasons, the major one being recordkeeping and billing. Such a move mandates improvement of cybersecurity since hospitals are the new soft spots for those seeking to sting secretively using the Internet.
An information leak would mean the exposure of the vulnerabilities of countless patients, including critical financial ones. Criminals can make false insurance claims using a patient’s health record, or they can hold the health-care facility to a ransom threat for either the release or the blockage of data.
- Echo relocation
The growth of cloud-based computing services has created the ability and the need to have a single point of access for a multitude of services offered by a company. A password is, thus, not restricted to any one service, but plays the role of the master key to all of them.
This has made any password breach much more dangerous. The login credentials can be resold many times and be used to avail passage to the host of services in use by the customer, compounding the problem of the breach. This can have a cascading effect on the resulting harm caused by the first attack by leading to more breaches.
Getting battle ready
It’s evident that enterprises must be prepared to avert a data breach in all manners possible. To this end, companies have been diverting a significant portion of their resources. The CIO is at the forefront of this charge: The strategizing, coordination, execution, and management of all the required security measures rests on his or her shoulders. It is thus crucial that CIOs remain up to date with the ever-evolving scene of cyberthreats, as the future of both the company and the CIO is always at stake.
So, what are the efforts that a CIO can put in to create an effective shield? There are a few guidelines:
Prevention is better than cure
Education is an effective method of raising employee consciousness, but more measures are usually necessary. First, make sure that only the appropriate personnel have access to vital resources. Also, set up automated screening of potential malware and other threats that may attack via benign-looking communications material and links. And limited LAN connectivity along with its constant monitoring and securing channels with multilayered encryption algorithms also go a long way in the quest for a secure infrastructure.
Though the investment may seem high in establishing this infrastructure, the cost of a breach will be far greater. Just go watch a season of “24”!
Standing the virtual ground
In the event of an attacker breaking through all the barriers put up in the earlier stage, the CIO must already have put in place measures to counteract that threat. Methods could include remote backup of data and wiping of the server being attacked, emergency shutdown of the machine, taking the affected unit off the network, or a real-time counter attack.
Losing more than bits
With great power comes great responsibility (too bad that “Spider-man” movie and all the rest were terrible!). Should there be a failure on the part of the CIO in doing what needs to be done and a breach does occur under his or her watchful eye, it could lead in any of these directions:
- Heads will roll
Whether the CIO is completely responsible or not, the situation of a breach is not something top executives will excuse. This is all the more true in the case of a publicly listed company.
- Prestige flush
Even if the CIO escapes being kicked to the curb, the person’s professional reputation will go down the drain in the case of a successful attack. When it’s time for appraisal, the CIO is sure to be handed the short end of the stick or just plain ignored. They will have to work hard to redeem themselves.
CIOs have a critical role to play in the future of global business management, particularly in terms of cybersecurity issues. With the right awareness, tools, and personnel, CIOs can help make this world a much safer place by curbing the spread of cyberthreats.
Photo credit: Pixabay