An article on CNN about thousands of French websites that have been hacked mentions how this is a more common occurrence than most realize, saying that websites and companies fight off potential attacks daily. But then this paragraph caught my eye:
But what could make this episode in France noteworthy is that it's yet another sign that the digital world -- websites, apps and social networks -- are increasingly targets on a battlefield without national boundaries.
Another example was the recent hijacking of the social media accounts for U.S. Central Command. As ABC News pointed out, this situation is being considered a case of cyber vandalism, allegedly conducted by supporters of ISIS, but again, it is a reminder that those who want to make a statement or have intent to cause harm have an outlet through the digital world. This method of attack will end up affecting a lot of innocent victims, as the French website hacking showed.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
At least one person mentioned to me that the ISIS situation may have been done as a statement against President Obama’s proposed cybersecurity initiatives. I’m not sure I agree with that. However, I do expect some kind of backlash by those disgruntled by the idea of the initiatives or disgruntled by anything that comes out of Washington. And, just as a bunch of innocent websites were attacked in retaliation in France, I suspect that random U.S. companies could end up targeted by someone who wants to make a statement, someone who is taking advantage of that battlefield without boundaries, so to speak.
Erik Knight, president of SimpleWan, sent me a list of suggestions on preventive measures that companies can take to avoid potential data breaches. I’m going to share some of them here because, while they do focus primarily on data breaches, I believe that the advice should be heeded for overall security. It isn’t just data breaches companies need to worry about anymore; security has gotten a lot more complicated than that. So here are my favorites from Knight’s tips:
- Have a professional IT Vendor (Don't Hire Cousin Vin's little Nephew). The facts are, times are changing and these "Computer Guys" just don't know enough about security and are probably learning themselves. You have to hire a firm that knows about proper procedure and threat assessment, and unfortunately you're not going to get this from the little guy.
- Don't just pay when things break, make sure your IT infrastructure is patched and kept up to date, audited and tested for security holes monthly. The people that don't do this and "cheap out" are what we like to call easy targets and will most likely be hacked by people just looking for easy targets. If you look like an easy target, someone will spend the time to try and get into your network. Our best advice is not to look like one.
- Don't deploy one-time equipment anymore. At one time, it was smart in business to buy a big technology purchase and write it off over a number of years. A standalone device purchased only a year ago that hasn't been updated or monitored may already be breached and you wouldn't even know it. The reason cloud is so popular today is because you pay a service fee and it’s someone else's job to keep everything current and secure. Businesses should consider this in all aspects of technologies.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba