The audit is one step in the process. Once the risks have been identified have been addressed, IT Security policy written, risk management standards set and people trained, you can feel confident that probability of a breach has been significantly reduced. Read on to learn how pertinent this is even from a national security perspective.
Facebook’s hire of its first-ever head of cybersecurity policy is recognition that protecting corporations from foreign hacking is an increasingly serious matter. Sophisticated cyber threats presented by state-sponsored actors have long challenged sensitive United States government computer networks. What’s new — as Facebook’s move indicates — is that these complex state-sponsored cyber attacks are now also threatening America’s leading companies to a larger extent than ever.
The resources, skill, and complexity posed by hackers managed by Russian intelligence agencies, for instance, far surpass the motivations and abilities of typical cybercriminals. In this new era, U.S. companies must bolster their defenses and leverage advanced cyber tools designed to stop state-sponsored attacks. The mounting threat against American commerce — the bread and butter of America — must be addressed. It’s not business as usual anymore.
While Russia is not the only state engaging in these activities, its cyber operations are relatively known. Unable to dominate in conventional military terms, Russia views cyber operations as an affordable way to disrupt its adversaries. As part of this effort, Russia has increasingly targeted civil and commercial computer networks. This includes measures to cripple critical infrastructure, financial networks, and internet services and capture proprietary data or sensitive communications, such as a CEO’s emails. While working at the Pentagon, I saw firsthand how Russia tested these capabilities in Ukraine as major coordinated cyber intrusions shut down power grids, interrupted television broadcasts and generally disrupted commerce. Ukrainian President Petro Poreshenko stated that in the space of two months in 2016 alone, 6,500 cyber attacks were conducted against government, critical infrastructure and industrial targets. Read more »