The year has been full of cyber attacks that have left sensitive information ranging from bank accounts to social security numbers exposed and vulnerable.
From data breaches at eBay and Michaels to the recent and devastating attack on Sony, no business is safe from cybercrime though many fail to realize the seriousness of the situation.
And it’s a problem that will only grow in severity. The value of cybercrime is expected to exceed $1 trillion by 2020, and the current market for security technology is more than $40 billion, according to Hendrix H. Bodden, chief executive officer of GreyHeller.
“It is more frightening than anybody actually realizes that isn’t in this business,”Bodden said in an interview. “I think that 2014 has seen so many high profile breaches, even JPMorgan Chase has been breached. They were able to index virtually every node, “virtually every terminal, every Web server on the JPMorgan network. JPMorgan’s CEO Jamie Dimon said they’re at least doubling their cyber-security budget, and I do think that companies are taking it more seriously.I think boards of directors, shareholders, and customers are starting to ask, ‘What are you doing to protect your valuable assets?”
There Are a Wide Variety
of Cyber Criminals
The make-up of cyber criminals is diverse — representatives of foreign governments, international organized crime rings, individuals working alone, and hacking collectives are all trawling the Web for a window of opportunity. It is estimated that 97 percent of U.S. companies have been hacked or will be hacked. Oftentimes businesses aren’t even aware that they’ve been compromised.
“The cybercrime environment is multi-layered, it’s incredibly active, it’s 24-7,” Bodden said. “If you believe that the bad guys are always one step ahead, in this case they really are.”
Consumers can protect their information by creating secure passwords and using two-step authentication whenever available. They also should be wary of email-based phishing attacks, which can be protected against with a careful eye. Some signs that an email may be fraudulent include poor grammar and punctuation or bizarre phrasing.
“What happens is I’ll click on a link and that link will actually take me to what appears to be a legitimate site and I’ll enter information,” Bodden said. “Once I’ve entered that information, the bad guy’s site will then forward me on to the legitimate site and you’ll never know that there was that intermediate step in between. A lot of this happens and people don’t even know it. The only time they find out is when somebody has bought their credit card number on the black market and all of a sudden they’re seeing purchases at electronic stores or gift cards, which are two of the most favorite ways that cyber criminals monetize stolen identities.”
Mobile Device Management
Increasingly Being Used
Mobile device management is an up-and-coming area of cybersecurity. For example, some systems allow for remote data wipes when a mobile device is lost or permit the company to download updates. GreyHeller’s ERP Firewall protects users by implementing two-factor authentication at the field level. Data masking, logging and analysis, and location-based security also are rising trends in the industry.
GreyHeller will kick off the new year with a series of cybersecurity webinars. The first will debut on Jan. 7 and focus on Oracle PeopleSoft security for higher education. These systems often host the same information banks do, making them an attractive target for cyber criminals.
“Higher education is especially challenged by cyber criminals because they have by definition very open networks,” Bodden said. “They’re not behind a firewall, so higher education institutions have to have all of their web applications out and accessible in the wild and on the internet. The bad guys know this and so higher education is one of the top industries that is actually targeted by cyber criminals.”
January Webinar to Focus
on PeopleSoft HR Systems
The Jan. 14 webinar centers on PeopleSoft human resources systems, which also typically contain sensitive information vulnerable and valuable to hackers.
“Before the human resources systems were mobilized, they could pretty well contain them behind the corporate firewall,” Bodden said. “But now that a lot of these systems have been mobilized so you can access your paycheck, you can change your benefits, you can do a lot of employee self-service and manager self-service from your mobile device, that exposes those systems to the internet and the bad guys know that so they’re going after them.”
The third and final webinar on Jan. 21 will be presented alongside Duo and discuss two-factor authentication.