Computerworld - At the moment, there's a dirty little secret that only a few people in the information security world seem to be privileged to know about, or at least take seriously. Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread, but is being executed so flawlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within 20 minutes.
When you read this, it almost sounds like the plot of a cheesy science fiction novel, where some evil uberhacker is seeking world domination, while a good uberhacker applies all his super brain power to save the world. Sadly, this isn't science fiction, and we don't typically have uberhackers on our side.
Talk of these hacks is going on within the intelligence and defense communities in the U.S. and around the world. The attacks were even given a code name, Titan Rain, within the U.S. government. The attackers appear to be targeting systems with military and secret information of any type. They are also targeting the related technologies.
But I'm not just talking about government systems. There are a variety of industries that support the government. For example, automobile companies make tanks and other military equipment. Food service companies supply military rations. Oil companies provide fuel to the government. Companies with personal information on federal employees can be exploited to identify undercover operatives.
That also brings up other potential targets, as the attackers are necessarily limiting their sites on apparent military systems. Oil companies know where potentially valuable oil reserves might be. Telecommunications companies have details about satellite communications and new technologies for improving communications reliability and bandwidth. Any organization with intellectual property worth protecting is a potential victim of these attackers.
I only present the above facts to demonstrate that most companies can expect to fall victim to the attackers. Way too many companies believe that they have nothing to fear or nothing of value that sophisticated attackers would want. The fact of the matter is that these attackers are extremely indiscriminate in whom they compromise.
The critical issue is the identity of the attackers. The source of the attacks will tell you how much you have to be worried about. Initially, the attacks were traced to China, which told investigators very little. There are so many poorly secured computers in China that many hackers use China-based systems as relay points for their attacks. So despite the fact that all attacks went through China, there was little evidence to conclude that China was responsible.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts