Cyber attacks and data theft are making headlines like never before, with some of the largest and most well-known brands falling victim. With the frequency and pervasiveness of these attacks, executives in companies of all sizes and across industries are left asking, "if these businesses can be compromised, are we next?"
According to the Identity Theft Resource Center, which tracks data on a daily basis, more than 18.9 million records have been exposed by over 500 breaches that have taken place through September 2014. With staggering numbers like these, being surprised by cyber attacks or adapting a bunker mentality is not realistic.
And, rather than being consumed by FUD (fear, uncertainty and doubt), it's time to be proactive in addressing these attacks. The new reality is "when," not "if," a compromise will occur--regardless of who you are. Embracing the fact that these criminal acts are lucrative and very difficult to prosecute successfully has created a new paradigm in the business landscape.
As long as computers and the Internet serve a central role in commerce, these attacks are not going away. However, significant progress can be made to mitigate the fallout of attacks if the threat is addressed strategically, rather than the organization being caught off guard.
A New Era
Today's cyber attacks are bolstered by the emergence of advanced, next-generation threats that specifically target enterprises through subversive methods that circumvent traditional data security measures with ease. The infiltration of Target Corp. in late 2013 serves as a prime example of a targeted (no pun intended) attack against a thirdparty partner that eventually infiltrated the national chain's point-of-sale network. Over a period of a few weeks, credit and debit cards, complete with PINs, were obtained by hackers. Another recent case involving The Home Depot Inc. featured a similar attack methodology with even greater scale and efficacy.
These targeted attacks are highly effective at remaining undetected. In fact, there is a strong possibility that many organizations have already been infected with malicious software (malware) deep within their networks that is slowly and steadily leaching information. Attacks such as these can take months, or more, to be detected and mitigated. Unfortunately in many cases, these final stages take place only after the damage has been done.
Big Data to the Rescue
Targeted attacks have become so sophisticated that...