We are definitely seeing the role of innovation and the impact on human culture today. As 2012 came to a close, at social gatherings we witnessed folks old and young use iPads, tablets, and smartphones along with other luxuries that we have become accustomed to. We have definitely embraced the post-PC era.
As the growth of e-business and use of the Internet to automate data-intensive functions has driven many organizations to open their networks to wider audiences, the ability of hackers to continually evolve with security initiatives has created a difficult cycle for many organizations to keep up with.
A shift in hacker objectives from notoriety to economic gain has occurred. At one time, fame was a primary incentive for hackers to take advantage of system and network vulnerabilities. Today, systems and applications are increasingly exploited for financial gain. Today’s cyber-attacks are sophisticated and organized. This change in motivation has resulted in a change in methods, which has made system exploits harder than ever to detect and mitigate.
Who Are the Targets?
In fashion, one day you are in, and the next day you are out. The same goes for the target of a hack, believe it or not. A popular mobile device, a shopping website, or even universities at the time of college admissions are some of the targets handpicked by hackers using logic that combines research and well-planned inclusion and exclusion criteria. These attacks are not random, as many people think. They are targeted and precise. And they are made easier by the different facets of innovation rapidly occurring, including social media.
Social networking is making it easier than ever for hackers to mine personal information, allowing them to craft very effective spear phishing emails, which are at the top of the food chain as lethally effective vehicles for malware delivery and ultimate network penetration.
The Race against the Hack
With the cyber-threat landscape maintaining its ever-evolving, fluid state, perfect cyber security is simply impossible. The very nature of cyber security today has become reactive. As threats get developed and exploits get exploited, there is always some victim at the starting point that had to experience it before it’s identified, exposed, documented, and before fixes or patches are built to eradicate the problem.
Hackers are adapting more quickly than software and operating system vendors can defend against with patches and workarounds; often, hacker exploits are so targeted that there are no signatures to stop them. And in addition to broad-scale worm and virus outbreaks, IT organizations need to protect against network threats that are specifically designed to avoid detection and bypass traditional defenses.
Cyberspace, the fifth dimension of warfare, has already become an important arena of world politics. The lines between war and peace have blurred. And what is developed for one purpose can easily spill into the hands of others. What’s next and how will it affect what you are trying to protect?
What’s a CIO to Do?
The industrialization of hacking has created a global ecology where threats are increasingly sophisticated and constantly evolving. CIOs need to turn the tables to stay ahead of hackers, while still being mindful of resource and budget constraints.
CIOs should employ a contemporary security strategy which first addresses the fundamentals of visibility, control, and flexibility. While there are some tectonic forces driving the evolution of hacking, the ever-evolving security threats are not insurmountable. And no organization can afford to underestimate them.