Sunday, October 18, 2015

The Continuing Challenges of Cyber-Security

  • Last week, the Wall Street Journal’s article “Cataloging the World’s Cyberforces” said, “More than 60 countries have or are developing tools for computer espionage and attacks. The world is shrouded in secrecy, and the hackers involved are notoriously difficult to track, making certainty and comprehensiveness impossible … [some] have formal military or intelligence units dedicated to offensive cyberefforts … [some] have bought off-the-shelf hacking software … {most] use cybertools for surveillance, either domestically or internationally.” 
  • Separately, the Washington Post cited an Oct. 15, 2015 report by citizenlab.org which said “Our results indicate 32 countries where at least one government entity is likely using the [FinFisher} spyware suite, and we are further able to identify 10 entities by name [Bangladesh, Egypt, Indonesia, Italy, Kenya, Mongolia, Morocco, Nigeria and Serbia] … FinFisher is a sophisticated computer spyware suite and ...  [is] sold exclusively to governments for intelligence and law enforcement purposes.  Although marketed as a tool for fighting crime, the spyware has been involved in a number of high-profile surveillance abuses.  Between 2010 and 2012, Bahrain’s government used FinFisher to monitor some of the country’s top law firms, journalists, activists, and opposition political leaders. Ethiopian dissidents in exile in the United Kingdom and the United States have also been infected with FinFisher spyware.”
  • In addition, the Computer & Communications Industry Association (whose members include AmazonGoogleFacebookNetflixMicrosoftPayPalRedhatT-Mobile and Yahoo) said “The Cybersecurity Information Sharing Act (CISA) is again due for consideration in the Senate in the coming weeks.  The bill primarily aims to facilitate the timely sharing of cyber threat indicators between and among the private sector and government, with the goal of improving overall domestic Internet and infrastructure security … However, CCIA is unable to support CISA as it is currently written. CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government.  In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties."

MY TAKE

  • Regarding cybeforces – As hackers increasingly access personal data on corporate services, the comments by the Wall Street Journal and the Washington Post / citizenslab.org are reminders that cyber efforts include the participation of governments of all sizes.
  • Regarding the views of the CCIA – In the post Edward Snowden era, concerns about how governments use personal data remain high.
  • Bottom line – Regardless of the outcome of debates about how personal data is shared, a broad set of physical and digital assets will continue to be compromised by cybercrime and cyberespionage.  

4 comments:

  1. The financial and reputational damage that can be inflicted on a retailer by a major security breach can be so severe, and so destructive, as to approach the financial and reputational damage a commercial airline might suffer from a serious accident

    ReplyDelete
  2. Hello!
    I'm small entrepreneurs from Colorado. Now I'm worried about security of my databases that I use for customers' orders. All my files store in this POS software:
    http://pos-co.com/
    What can you tell me about it?

    ReplyDelete
  3. Its a great pleasure reading your post.Its full of information I am looking for and I love to post a comment that "The content of your post is awesome" Great work. guaranteed search engine optimization

    ReplyDelete