BlogPrivacy Professionals Should Share the Wealth Legislating Social Privacy When Privileged Access is no longer a Privilege |
RSS Feed
RSS Feed
Advanced Cyberthreats: Are You Ready?July 6, 2010
Last September I had the privilege of addressing an audience of IT professionals from the chemical industry during the ChemITC Annual Conference. My presentation focused on applying lessons learned by consumer-facing industries from five years of experience dealing with data breach notification regulations and what those lessons can teach an industry that, like many others, is beset by data security issues.
A number of high profile cases of corporate espionage in the chemical industry, including two instances involving the DuPont Company, illustrated the simple truth that any data that has value will be targeted by data thieves. In two separate events, former DuPont employees Hong Meng and Gary Min made off with trade secrets before moving on to new situations. In Meng’s case, the IP was headed back to his homeland in China. Min had accepted a job with a DuPont competitor.
Because theft of intellectual property does not require public disclosure, stories like these don’t make headlines as often as data breaches involving personally identifiable information (PII), but while I was at the conference representatives from the Department of Homeland Security were also on site making impassioned pleas to the attendees to cooperate with the federal government’s efforts to combat cybercrime. As producers of strategic, dual-use technologies, many companies in the chemical industry are targeted by persistent attacks from overseas organizations – governments and rogue elements – in an attempt to steal intellectual property that can be used in military applications.
The message to the industry was clear: we know you are being targeted and we desperately want to help, but we need your cooperation.
Today, the Ponemon Institute issued a new report that gives greater weight to the challenges addressing cybersecurity.
Sponsored by NetWitness, our study produced some numbers that should give pause to anyone in the information security game. For example:
· Although 83 percent of respondents say they believe their organization has been targeted by an advanced cyberthreat, 41 percent said they don’t know how frequently they have been targeted.
· Half of respondents believed that proprietary data has been targeted by cyberattacks, while 48 percent said they believed the target to be PII such as customer or employee records.
· Although 58 percent of respondents said their organization had adequate policies in place for dealing with cyberthreats, the tools (32 percent) and personnel (26 percent) in place to deal were not up to the task.
· Perhaps most disturbing, 46 percent of respondents told us that detecting an attack by an advanced cyberthreat took at least 30 days!
Make no mistake – your enemies and our rivals are hard at work trying to gain illicit access to the valuable information stored within your enterprise. At best they may be hoping to play catch up with the pilfered fruit of your investments in R&D. At worst, they may have designs to do financial harm to individuals, or physical harm to people and property on American shores.
We urge you to arm yourself with more information and understanding about the realities of the advanced cyberthreats that are being used to access your information systems. And we urge you to learn how you can cooperate with the Department of Homeland Security in order to better respond to such threats and, by sharing information, better prevent those threats in the future.
If you want a copy of our report, Growing Risk of Advanced Threats, it is available by request through NetWitness. If you’d like more information about how your organization can better prepare for and respond to these threats, give us a call.
Posted by Mike Spinney at 5:12 pmAdd Comment (0 comments) |
