Today’s threat landscape is much different than even a few years ago when malware and viruses were created by college kids looking to play pranks against unsuspecting companies, “cyberpunks”. Those viruses annoyed us, maybe they slowed down our productivity, but they didn’t make us afraid and they didn’t threaten something that was pertinent to us: our business, our customer data, our government-held personal data, our national secrets. Today, cartels of cybercriminals and foreign-backed cyber-espionage agents are looking to steal our intellectual property, secrets and damage our reputation and economic position.
Moreover, if there’s one thing we’ve learned in the cybersecurity world, it’s that these criminals won’t always go the direct route to their target. They’ll try to sneak in the back door, through a vulnerability in the network of a customer, a supplier or a business partner. And it won’t always be a technology vulnerability. Today’s threat artists recognize that the most likely way to enter a network isn’t through a gap in technology, but by leveraging the most unpredictable factor of all: human behavior, as in employees who might open the wrong e-mail, hit the wrong website or attach the wrong USB drive. This is called “social engineering.”
It would behoove security officers in the private sector to keep a closer eye on their own systems for the time being. Now is a good time to remind employees about security best practices, and encourage them to say something if they see something out of the ordinary.
While the government may not be functioning at 100 percent, we would all be wise to raise our own level of awareness.
About the Author:
Julian Waits serves as president and chief executive officer for ThreatTrack Security, guiding the company’s growth as it traverses the enterprise security market with sophisticated threat analysis, awareness and defense solutions that combat Advanced Persistent Threats (APTs), targeted attacks, zero-day threats and other sophisticated malware. He has more than 20 years of experience at all levels of IT, from network engineer to Sales VP and previous roles as CEO, when he led Brabeion Software Corporation, maker of IT governance, risk, and compliance software, and Way2Market360 LLC., a startup accelerator.