I stumbled upon an interesting article comparing the safety of the internet to both a wild west frontier, and a place ruled by the “laws of the jungle”. The article details data that was collected about the number, frequency, and scale of attacks on major corporate and governmental networks. The scary part isn’t that this attacks happen, but how successful they can be. Each iteration of attack is more sophisticated than the next. This is going beyond the mere script kiddie attacks that have been common for quite awhile. The level of sophistication used shows and organization of the attacks, and some sort of infrastructure.
The news has recently talked about these so-called “cyber attacks” by China on various governments and companies around the globe. While these are the more publicized attacks, the majority of them appear to be coming from highly technical criminal enterprises. The motive is the same as it always has been with these types of organizations: money.
Companies don’t want to talk about it when these things happen. Even if they are successful in fending off would-be black mailers or corporate data hijackers, they don’t want to report the attempts. Fear of a decline in stock prices, giving off the appearance of being weak or vulnerable, or just the all to common veil of corporate secrecy are some of the reasons that these situations are never made public.
What’s even more frightening is that in this time of recession, companies are cutting their security budgets. They are trying to make due with less. Meanwhile those who would plunder them are increasing their resources and finding new ways to infiltrate protected networks. When there are threats on someones physical well-being the typical response isn’t to slash the number of security personnel protecting them, it’s to increase it. Yet when it comes to data, the life blood of corporate America, this is exactly what they are doing – cutting back security in an attempt to save a couple of bucks. It’s another striking example of short-sightedness that can end up costing companies more in the long run.
Protecting our networks against these threats is a monumental task. The internet is a global entity, policing it is near impossible as all governments work under their own set of laws, seldom working well with others. Attempts at working together often lead to tangled, and slow moving bureaucracies. Governments are not designed to be quick and responsive, however the internet is an ever changing rapidly evolving place. It requires a quickness of response.
There’s not a clear cut solution to this. Just as with any other type of crime there is no fool-proof system that can’t be cracked. Education and ever evolving security practices can minimize the risk. Just like you shouldn’t walk through a bad part of town with a wallet stuffed with cash, corporate networks shouldn’t leave their data out in the wind, unprotected where someone with a little technical aptitude can get at it.