What The Sony Hack Can Teach About Cyber Security

This article is more than 9 years old.

Recent large-scale information breaches have raised awareness of the dangers facing corporate cyber security. Sony’s breach is the most famous, but there have also been attacks on Lenovo in the last week and on other companies such as JPMorgan Chase and Home Depot in the past year.

Computer Futures, a recruitment consultancy, estimates that businesses spend around $25 billion defending themselves from cyber threats. And this figure is only going to rise due to growth in global online business, increases in threats and the continuing evolution of internet operations.

A 2013 report from Pierre Audoin Consultants on behalf of the UK government’s Department for Business Innovation and Skills (BIS) neatly describes how evolving use of the internet has created new vulnerabilities.

“Before the Cyber Age the best IT Security systems were conceived like a medieval fortress. In a castle, external protection is impressive, doors and windows small, scarce and heavily protected, giving little and difficult access to the interior,” the report says. “But now … systems are now open and will remain open. Business and individuals demand it. The balance between business protection and business enablement is changing… This is driving organisations to open the walls of the IT fortress.”

The report goes on to somewhat bizarrely liken the change in cyber security systems to fruit, with the old method resembling a coconut - hard exterior - and modern systems like a mango - partially protected exterior with accessible interior and a ‘hard’ core protecting certain items.

Fruit metaphors that fall apart under scrutiny aside, the point remains that businesses are going to continue to face cyber attacks as well as potential internal leaks. With regard to active attacks, running a company in English, particularly from an English-speaking country, makes a business a more attractive target. “Countries such as Australia and Canada represent a higher share of global data breaches relative to their economies than countries such as China, India or Japan,” the report says.

This is particularly a problem for the UK as the internet economy represents a higher share of its GDP compared to any other G20 country, it adds.

But most businesses might think they are too small to be the victims of a cyber attack. That is not the case, says Ilia Kolochenko, chief executive officer (CEO) of High-Tech Bridge, a provider of cyber-security products. His company has worked with numerous small companies that have been victims of hacking - either for their own data or because they represented the weakest point of entry in a digital information supply chain.

“Hackers are looking for suppliers of services to targets now,” he says. “They’re going after consultants and lawyers instead of hacking major companies, as this is a much easier way in. To identify two or three companies that aren’t part of a larger firm’s data security protocol but have the same access is very simple and the smaller suppliers don’t have the same time, budget or need to make sure information is secure to the same extent.”

This is not news to larger firms and many are beginning to scrutinise their supply chains. This makes proof of robust cyber security particularly important for entrepreneurs and start-ups looking to do business with or supply larger counterparts, he adds.

But external threats are not the only cyber security issue that businesses need to address. A survey by the Ponemon Institute, a research centre for information security policy, found that the vast majority of IT specialists (78% in the US and 68% in the Europe, Middle East and Africa (EMEA) region) did not believe their organisations correctly enforced security and data privacy policies in all cases.

In particular, unencrypted email, 'cloud' tools and file transfer systems were cited as the biggest risks, the survey says. One potential way to address these problems is through open-source solutions. A majority of the IT specialists surveyed thought that commercially backed open-source programmes increase the integrity and trustworthiness of applications (76% in EMEA and 68% in the US), improve security profiles (67% in EMEA and 55% in the US) and reduce privacy risks (66% in EMEA and 52% in the US).

This is because the community backing and scrutinising an open-source programme can collectively bring more experience, resources and sheer numbers than even the best funded private company, says Olivier Thierry, chief marketing officer (CMO) at Zimbra, a commercial open-source solutions provider that sponsored the Ponemon Institute survey.

“Developers and coders will look at an area of your code and go: ‘Is this an issue or a possible security violation?’ There’s significant insight from the community,” he adds.

Open-source solutions can go some way towards preventing a company’s internal leaks. But they still need to work within a broader company-wide policy that includes training for employees on security issues. This will help to prevent breaches through the use of unauthorised applications (currently a problem for 74% of US and 71% of EMEA IT managers surveyed by Ponemon) as well as the unauthorised sharing of confidential documents (an issue for 89% of US IT managers and 79% of those surveyed in EMEA).

In many ways cyber security is a losing game. Due to its reactive nature, hackers and other online scammers are always likely to be one step ahead - testing out a new method while the cyber security industry is still perfecting a solution for the last. But that doesn’t mean businesses need to make it easy for those looking to penetrate defences. A few steps can help to close off many easy entrances.