Top 10 Cyber Security Threats in 2012—And What To Do About Them
November 30, 2011 5:58 PM
The cost of being unprepared
At $7.2 million, the average price tag for a data breach is certainly a menace worthy of urgent consideration and vital concern for all insurers. Thus, we present 10 cyber fraud threats that you need to know heading into 2012.
1. Exponential growth of mobile devices
Threat assessment: Every new smart phone, tablet or other mobile device opens another window for a cyber attack, as each creates another vulnerable access point to networks.Threat response: Push all communications from employees portable devices through the corporate network. Allow no retransmission of any content obtained from within the network through such devices, except through monitoring software.
2. Increased C-suite targeting
Threat assessment: Senior executives are no longer invisible online. Companies should assume that hackers already have a complete profile of their executive suite and the junior staff members who have access to them.Threat response: Train executives not to post any personal information to social media or other public websites. Screen all incoming mail to top executives for signs of social engineering through messages that appear to come from friends. Scan all messages for odd command-and-control instructions and extraneous lumps of code.
3. Growing use of social media contributes to personal cyber threats
Threat assessment: A profile or comment on a social media platform even by the CEOs son or sister can help hackers build an information portfolio that could be used for a future attack.Threat response: Establish a policy that restricts senior executives and their relatives from posting information to public sites that indicates any personal interests that could be used to build profiles or guess passwords and other authenticating access information. Use available site-monitoring software to cull and, when possible, remove any new information about executives or superusers on your network. If your superusers are gamed, you will lose control of the operations of basic functions.
4. Focusing your efforts internally
Threat assessment: Security should remain a priority, but todays risks and threats are so widespread that it will become impossible to have complete protection the focus of cyber security tactics increasingly must be to analyze, detect and expunge threats already present inside your system.Threat response: Spend as much time filtering communications inside your network as you do on those communications coming into your firewall or trying to pass through your perimeter. Scan servers inside your network constantly for inexplicable files or fragments of code. Institute a dynamic defense: Appoint around-the-clock security cops to observe and predict new tactics being used to put unauthorized code inside your network and replicate it.
5. Everything physical can be digital
Threat assessment: The written notes on a piece of paper, the report binder and even the pictures on the wall can be copied in digital format and gleaned as tools to enable a hacktivist-type of security violation.Threat response: Create awareness inside your organization that no photos or other images of any sort should be captured inside the walls of your offices, without management supervision. That smartphone photo might actually be capturing usernames and passwords posted on cubicle walls. Or it may provide fodder for e-mail messages that will look like they are coming from trusted insiders, but arent.
6. Cloud computing's expanded role
Threat assessment: The significant cost savings and efficiencies of cloud computing are compelling insurers to migrate to the cloud.Threat response: Create "vaults" to protect your assets, particularly something as valuable as algorithms. Lock down access to servers, except through two encrypted keys being used simultaneously by two different authorized users. Require biometric authentication before those users can employ and deploy their keys.
7. Global systemic risk will include cyber risk
Threat assessment: As insurers, banks and investment firms continue on the path to globalization, they will become increasingly interconnected. A security breach at one firm can create negative ripple effects that greatly impact systemic risk in financial markets.Threat response: Filter incoming messages, in SWIFT or FIX protocols as stringently as any e-mail message. Or more: look for unexplained code tucked in hard-to-notice spots, non-standard formatting of messages, extraneous code attached to the messages, stuff that looks like commands. In fact, companies should screen all traffic flow from trading partners, market data vendors or other known partners as stringently as any traffic from inside. Audit the security procedures of any exchange, trading partner or vendor you allow to connect with your network.
8. Persistent zero-day malware and organized attacks
Threat assessment: Like a vicious, insidious virus that mutates, the tools of cyber criminals adapt and change constantly, rendering the latest defenses useless. Firms need to be prepared to adapt quickly to zero-day malware and the tactics of organized crime and foreign adversaries that are increasingly used today.Threat response: Put in place tools to watch for known signatures of malicious software. But develop an internal task force that watches trends and is charged with out-thinking and out-flanking the most brilliant of outsiders. Assume that every threat coming your way has no known signature and has been months, if not years, in development.
9. Insider threats are real
Threat assessment: The accidental insider breach will continue to be the primary source of compromise for the Advanced Persistent Threat a long-term, sophisticated and enduring attack -- and other attempts to take advantage of existing systems.Threat response: Organizations need to focus on security awareness training and internal monitoring to detect intentional and accidental insider access. Data needs to be classified by its value to the firm, with the most important data being accessible only to the most valued managerbiometric authentication required. But, even then, not even the most valued manager should be allowed to make changes without secondary approval. Monitoring software should oversee all interactions from any source or individual.
10. Increased regulatory scrutiny.
Threat assessment: In October, the Securities and Exchange Commission introduced guidelines that require companies to report incidents that result, or could possibly result, in cyber theft or a risk of compromised data considered material.Threat response: Establish security standards that exceed all industry standards. Start with ISO/IEC 27002, an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC).