Got a Plan to Fight Cybercrime? Don’t Be a Victim. Invest in Your Defenses Now.
Cybercrime is on the rise. And it’s no wonder. It’s an incredibly lucrative “business.” In fact, now more profitable than the illegal drug trade, cybercrime generates some $100 billion globally per year.
Hundreds of thousands of attacks are launched around the world daily and may include, but are not limited to, phishing, theft or manipulation of data or services via hacking or viruses, identity theft, and financial or e-commerce fraud. Often, software flaws or vulnerabilities provide footholds for attackers, who can range from student hackers and corporate spies to criminal gangs and even countries out to wage cyber warfare against other countries. Cybercrime is no joke, but rather, one of this century’s most serious threats.
Are You an Easy Mark?
While every organization faces this threat, some are at greater risk than others. Sure, larger companies may mean larger payouts for cyber crooks, but big institutions generally have more resources—monetary and personnel-wise—to combat security issues. On the other hand, small and medium-sized companies appear to be more vulnerable to cybercrime. They are often so focused on growth that security tends to fall by the wayside, which leaves unpatched and susceptible systems sitting in their data centers.
According to Verizon’s 2011 Data Breach Investigations Report (a study conducted in cooperation with the U.S. Secret Service and the Dutch High-Tech Crime Unit), organizations with between 11 and 100 staff have suffered the most during this past year’s explosion of data breaches. Attackers are hunting smaller prey and stealing more than payment card information. Cyber criminals want authentication credentials and intellectual property and they are favoring simpler highly automated tactics to target smaller caches of valuable information at smaller organizations.
Ultimately, there’s a lot at stake with an overly defenseless data center. An internal or external security breach of an organization’s IT network can cause loss of integrity, business disruption, financial loss, legal issues, and significant damage to a company’s name and brand. As technology develops, cybercrime becomes more sophisticated and lucrative. And while the challenge of securing the network is multifaceted and complex, attacks don’t have to be sophisticated—and most aren’t.
The 9/11 attackers, for instance, used low-tech methods on high-tech infrastructure. Financial institutions probably invest the most in protecting their assets, and they’re still at risk. No matter what you do, hackers are always going to be able to find a way inside. But that’s no reason to roll over and cry uncle. Big or small, you need to take an active stance in the fight against cybercrime. See, criminals are still human. And it’s human nature to prefer the path of least resistance.
So what’s the answer? How about not being an easy target for hackers, viruses, and identity thieves? Update your software and change your behavior to avoid data breaches. As I have said before, you need to be prepared against attacks on your critical infrastructure and networks. So if you don’t want to be a victim, set up a fortress from which you can stand guard. Or . . . call for reinforcements.
Can Cloud Computing Make You Safer?
There is the debate of whether it’s safe to turn to cloud computing. But the irony is this: The biggest concerns over turning to cloud computing—data security and transparency—are probably the biggest reasons to turn to the cloud. Cloud computing puts defense in the hands of experts who have carefully planned their data center architectures and offer you the best and most advanced technologies for protecting your cloud hosted resources. Better still some cloud service providers can even offer you security service level agreements that give you visibility to and confidence in the security of your hosted workloads.
So if you’re on the fence know that you can turn to IaaS if for no other reason because a primary purpose of the companies that offer it is to make sure your resources are secure and highly available. This keeps you coming back to host more and more parts of your data center as you gain confidence and your business needs grow. A good cloud services provider should use the latest in security and monitoring tools to watch for hackers and any malicious activity. Cloud services providers should be able to distinguish their offerings with granular security provisioning, compliance assessment, and automated enforcement that can scale.
Also, ask your would-be provider about the platform on which their IaaS runs (i.e. is it virtualization) and what types of security are available (i.e. hypervisor-based, other). Too, there may be different types of security services and SLAs available to you ranging from ones where the security management is left to you all the way to a fully managed and documented regimen where regular compliance reporting gives you quantifiable proof of your security posture week after week.
Keep in mind that the best providers will give you the most options and offer benefit of the latest in cloud security.