Take last week’s dust-up over accusations the Chinese government is systematically hacking American corporate and government computer systems, stir in President Obama’s State of the Union call for heightened attention to cyber security, add Connecticut’s new focus on protecting the power grid, and what emerges is a clarion call to action.
It shouldn’t have come to this. Anybody who is spending any time online knows bad guys lurk around every digital corner. The analogy rings true that antivirus software can help prevent digital flu but offers no protection against a bullet.
States — including Connecticut — have been busy trying to get Corporate America’s attention with tougher and tougher laws — and penalties — for security breaches. Yet it keeps happening. Some cases are just human error, e.g., the lost laptop. Some cases reflect poor planning of a defensive strategy. Some are unfortunately a price of doing business.
As consumers, we all want a guarantee that our data will be protected fully. So why do we get so dumb when we go to work and decide lightning won’t hit our business?
Whether your corporate data is stored in the cloud, on a server in the next room or backed up in a server somewhere in Montana, the data is still vulnerable. Certainly risks vary with the nature of your business, but how vulnerable it is remains largely up to you.
Obama has called for a set of national cyber security standards. That’s a first step that is likely more effective in raising awareness than it is in stopping the determined hackers moving at the bidding of a foreign rival. No least-common-denominator solution is going to be effective.
Already this year, we’ve seen major banks, manufacturers and media attacked. The latest reports suggest hackers have learned to go around the most sophisticated defenses erected by governments and financial institutions by attacking their suppliers. That should send a shiver through Connecticut, home to some of the largest suppliers to the military and the financial-services industry.
But let’s assume for a moment that the major players — firms like Electric Boat, Conning, SS&C Technologies, Pratt & Whitney and all its corporate cousins at United Technologies — are already on high alert. Let’s assume the operators of our power grid, communications networks, water supply and other vital services are vigilant. What about small and mid-sized businesses?
Security experts are saying that most computer systems are designed to be tough to enter but insecure once entry is gained. That’s disconcerting. And perhaps it suggests it is time for a large-scale rethink of our approaches.
Perhaps the first line of defense needs to be common sense. Get your employees to listen to your IT people when they preach about not installing unauthorized software and not clicking on links in email from unknown users. Don’t let the urge to make employees comfortable with the bring-your-own-device movement compromise your fundamental data safeguards.
On a macro level, the diplomats have a lot of work ahead of them to head off a nasty showdown over the international espionage variety of hacking. But on the micro level, we all need to do our parts by making wiser decisions about how we share our personal data and how we protect both our personal and corporate data.
One data breach can ruin lives and cripple companies. We don’t want to learn what a hacker can do to a power grid. It’s time for each of us to take cyber security seriously.
