TEST to main content First level navigation Menu
Man working in dark server room

Are we on the verge of a data security doomsday?

by David Chernicoff
It seems that a week doesn't go by without news of some major security breach at a well-known, high profile business.

And if you are an IT professional, you might not even realize the really scary part of this news: It’s coming from the mainstream press, not IT-specific media.

Think about this for a second. As IT professionals, we’re are used to the constant reports of IT vulnerabilities and the ways that we can address them, but the major security vulnerabilities now being regularly exposed are so egregious that they make the evening news. Primarily, this is because these corporate security failures have exposed sensitive consumer data—either in the form of credit card information or identity information.

A practical CIO knows that it is no longer a matter of if their company will be a target for hackers—it is about when will they be attacked.

With all of this press around data security failures, companies need to consider not only the impact of a breach on their business, but also the impact on their company’s reputation. You can be sure that every time a savvy consumer goes shopping, they feel a bit of trepidation before they use a credit card at Target or Home Depot, or whether or not Anthem can be trusted with their personal information when shopping for insurance.

A practical CIO (or CISO) knows that it is no longer a matter of if their company will be a target for hackers—it is about when will they be attacked. The shift in focus should be towards developing strategies and technologies that mitigate the impact of any data security breach. It’s an ongoing battle between hackers and security vendors, and the balance of power shifts back and forth regularly.

A new battlefield

These days, businesses aren’t just defending against motivated hackers or rogue criminal organizations, they are facing attacks from nation states themselves. In a CNN Money story1 in early March, former NSA Director Mike McConnell was quoted as saying, “the Chinese have penetrated every major corporation of any consequence in the United States and taken information. We’ve never, ever not found Chinese malware.” North Korea was cited as the primary suspect in the Sony breach. And given these attacks, as well as the revelations revealed by Edward Snowden about NSA snooping, it’s clear that governments are now major players on this battlefield.

There is little question that the severity, frequency, and capability of attacks on corporate data security will continue to get worse. The state-based attacks get a lot of publicity, as do breaches that release credit card or personal information, but there are attacks coming from innumerable sources every day, all looking for access to corporate networks and data.

A new world of data security

There is no one-size-fits-all solution to this problem. Every level of data security that can be realistically implemented in software and hardware, and enforced without disrupting business workflow, needs to be utilized. Working with individual business units to find the balance between upping security and minimizing impact on workflow will be crucial.

But the most effective measures will be taken by organizations that have a top-down approach to the problem. A high-level understanding of the problem and a comprehensive approach to information and systems security is an absolute necessity to providing the highest possible level of security moving forward.

Take a hard look at your data security policies

It is no longer a matter of if a company will be a target for hackers—it is about when will they be attacked.
There is no question that a CISO or equivalent level of operational management will be required, as is the understanding that this is an ongoing fight, and that the odds of your company being hacked at some point are high — despite your best intentions. While this sounds pessimistic, this back and forth battle is simply a realistic understanding of the scope of the problem. Taking steps now to best protect yourself and mitigate the impact of a breach can help minimize the damage—both to your network and to your reputation — later.
David Chernicoff
With experience ranging from database developer, to software development and testing management, to being the CTO at a network management ISV, David Chernicoff brings close to 30 years of experience in IT to his writing. After running testing labs for major magazines in the 90’s, he went off on his own, providing consulting services to business across the SMB market as well as continuing to actively write books, magazine articles, and blogs on topics as diverse desktop migration and datacenter energy efficiency optimization.
1 "Ex-NSA director: China has hacked 'every major corporation' in U.S." CNN Money. March 2015. http://money.cnn.com/2015/03/13/technology/security/chinese-hack-us/index.html