Earlier this week, unnamed White House officials confirmed to The Washington Post that hackers breached the White House's unclassified computer networks. Efforts by the administration's cybersecurity teams to mitigate the threat temporarily disrupted network access, but the anonymous sources said the intruders didn't do any damage or infiltrate the classified network.
Reports pointed to the Russian government as the force behind this latest intrusion. The attack style apparently was consistent with other state-sponsored breaches the government has encountered in the past. Plus, news of the hack broke just a day after network security firm FireEye published a report on APT 28, a hacking group sponsored by the Russian government that has targeted NATO, the Ukrainian government and U.S. defense contractors.
Meanwhile, an investigation by the FBI, Secret Service and National Security Agency is ongoing, and the White House is keeping mum on who was behind the hack or if there was any data stolen.
What they did say was that the breach was not a surprise.
"This is a constant battle for the government and our sensitive government computer systems, so it's always a concern for us that individuals are trying to compromise systems and get access to our networks," they said.
The operative word for CIOs is constant, a grim reminder from the world's biggest superpower that cybersecurity is not for the faint of heart. As SearchCIO has reported before in this column, cyberthieves are not just persistent; they have become highly organized and specialized.
"The increasing level of collaboration among cybercriminals allows them to compartmentalize their operations, greatly increasing the sophistication of their criminal endeavors and allowing for development of expert specialization," said a deputy special agent in charge of the Secret Service Criminal Investigative Division.
No wonder U.S. executives are overwhelmed. According to a PricewaterhouseCoopers 2014 U.S. State of Cybercrime Survey, which surveyed 500 U.S. executives of businesses, law enforcement services and government agencies, 77% of respondents encountered a security incident in the past year; in an earlier survey, PwC reported that 69% of U.S. execs are concerned that cyberthreats will impact their growth prospects.
How can any single organization hope to stand a chance against such an intricate and sophisticated pack of thieves? PwC's report offers some tips, starting with collaboration:
There's strength in numbers. PwC found in an earlier survey that 82% of organizations with high-performing security processes work with other companies to stay abreast of security and threat trends. You can do so by participating in Information Sharing and Analysis Centers' forums, the study advised. Astoundingly, only 15% of those surveyed collaborate with law enforcement agencies.
Evaluate your business partners. According to the report, third-party business partners provide "an indirect path to criminal profit that is increasingly successful because most organizations make no effort to assess the cybersecurity practices of their partners and supply chains." The survey found that the number of companies that have an evaluation process before they launch business operations has dropped to 44% from 54% in 2013.
Practice smart security spending. While it sounds like common sense that security investments based on business risks are the most productive, PwC found that only 38% of respondents have a methodology of allocating security investments based on business risk, and only 17% classify the business value of data.
Not only should strategic security spending be tied with risk and impact to the business, but cybersecurity programs should also be funded for shorter terms to encourage agility and flexibility to quickly respond to evolving cyberthreats, the study recommended. Furthermore, and perhaps most important, organizations should invest in the security practices most germane to today's advanced threat landscape. "Rather than an emphasis on prevention mechanisms, for instance, it is essential to fund processes that fully integrate predictive, preventive, detective and incident-response capabilities to minimize the impact," the study advised.
Is your business equipped to handle today's cybercriminals?
CIO news roundup for week of Oct. 27
Here's other technology news to get you geared up for the Halloween weekend:
- Apple CEO Tim Cook came out in an essay published by Bloomberg Businessweek, and was widely lauded for it.
- Mobile payment wars: Wal-Mart is leading the pack of retailers attempting to thwart Apple Pay, Apple's mobile payment system. The retailers stopped accepting payments on iPhones and are working on their own payment system, called CurrentC.
- Google announced at the Wall Street Journal Digital Conference this week that its Google X lab has been secretly working on a wearable device that works with nano-pills to detect cancerous cells.
- Microsoft's finally leaping into wearables. The company this week announced Microsoft Band, which is equipped with 10 sensors, including a heart rate monitor, GPS, UV light monitor and more.