“If you shut down our power grid, maybe we will put a missile down one of your smokestacks,”
With this rather powerful statement, the Pentagon commented on its first formal cyber strategy, which concluded that computer sabotage coming from another country can constitute an act of war. This is the first time the US has considered answering with traditional military force when a cyber attack causes ‘death, damage, destruction or high-level disruption that a traditional military attack would cause’. This stems from the notion of ‘equivalence’, an idea gaining popularity at the Pentagon.
While this is certainly worrisome for most people with any imagination (who likes to think that hackers can gain access to sensitive military information, or start playing with the controls of your nuclear reactors?), a lot of us still look at cyber security as other people’s problem. Yet this is a growing issue that we all need to address. And that means all of us. Most companies do not pay enough attention to this issue and find themselves under attack more and more frequently. Lockheed Martin Corp and broadcaster PBS are just some of the prominent recent victims. Banks are regular targets, and almost no one gets upset anymore when yet another notice of ‘compromised personal information’ from several million users is issued. On top of people trying to steal valuable data, so-called hacktivists will surely become a force to reckon with as companies wrestle with their public images.
In a recent WSJ article, Ted Chung, chief executive of Hyundai Card/Hyundai Capital Co., an auto finance provider in South Korea, was quoted saying: “When it comes to big companies or big banks, no CEO is that stupid not to pay attention. But maybe they pay the same attention I did, which is giving encouragement and budget to IT but then saying ‘What do I know about programming?’” he said in an interview Monday. “That is the wrong support.” Corporate executives have to take a more active approach to cyber security.
While you might feel like ‘putting a missile down your hacker’s smokestack’ after an attack, prevention is the better strategy and will keep your blood pressure lower.
On a personal level, it’s a wise decision to have different passwords for different things (yes, really)… and while you probably have decent security software on your laptop, you may not be as diligent with your smartphone. Hackers like to use those to get to your other accounts (like mobile banking, email, etc.).
“Miscreants are continuing to find new and creative ways to exploit network, system and even human vulnerabilities to steal information or do damage. The challenge is that we need to block their exploits 100 percent of the time if we are to protect our networks and information. They can be right once; we have to be right all the time. We need to be ever-vigilant in our efforts to protect our assets, information and ourselves online,” says John N. Stewart, vice president and chief security officer, Cisco.
I could list recommendations for how to prevent these things, but they would probably be outdated by the time you read this. What is important is to take an active role and be diligent with the information you use and transfer – your own or your employer’s. And if you are one of the lucky ones who have IT reporting to you, take an active role. Consider using VPNs with business partners you trust and digital signatures to ensure your documents arrive untampered. Create an incident response team and consider hiring experts who can diagnose your network vulnerabilities. It may not eliminate all risks, but it will reduce your exposure greatly.