Finding The Cure for Cyber Blindness & Missed Opportunities
As a security integrator, cyber crime presents a “clear and present danger” to your customers. Cyber crime is a HUGE problem that reaches from the K-12 education market to ongoing international negotiations at the United Nations. Rather than viewing cyber security as overly complex, look at the operation of your client’s business and do what you can at the local level to better secure it.
While we can never totally eradicate cyber crime we can mitigate it and defend against it. From cyber education training (boards, executives, employees and partners) to securing mobile devices, there is a pressing security requirement for businesses and an unmet opportunity for security integrators.
Simply consolidating cyber threat feeds (the latest cyber crime information) from multiple sources and providing customers with updated information and countermeasures would be a step in the right direction. It would also alert integrators to new solution opportunities to install and maintain.
The cyber crime business is in continuous motion. So is the need for continuous monitoring of systems, people, and new threats, which equals recurring revenue for integrators willing to tackle new challenges. More than 60 percent of the problem today is insider threat according to the Kroll Security 2011-2012 report, which represents a people and policy issue — not just a technology problem. By the way: integrated video and access controls systems play a role here.
It has been four years since Robert Mueller, director of the FBI, publicly confirmed that cyber crime was off the charts. In October, 2008, Mueller stated: “The FBI reports that for the first time ever, revenues from cyber crime have exceeded drug trafficking as the most lucrative illegal global business, estimated at reaping in more than $1 trillion annually in illegal profits.”
Today, the top 200 to 300 cyber criminals — gifted hackers, mostly Eastern European — write malicious software, or malware, that is available to a global criminal network. They outsource the code, making it easy for common criminals without software skills to steal your information.
So blatant is this activity that criminals actually have customer service offerings to step criminals through the installation process and assist with questions. The illegal transaction is rated by a star system (similar to Amazon.com) to determine your satisfaction with your illegal software purchase and how effective the malware was in stealing information, such as credit cards and passwords.
Worse yet — there is a growing trend to attack businesses with under 500 employees, many of which do not have full time security executives. Many of the breaches today are a result of directly targeting employees through information available on social media (phishing). This is an education issue, not technology.
As you read this article your customers are at significant risk of a cyber security breach. The Trend Micro 2012 cyber report states that “a new piece of malware is created every second” and the United States Computer Emergency Readiness Team (US-CERT) concurs that “a new cyber intrusion occurs every five minutes.”
The question is: As your customers are getting victimized, what are you doing about it?
Your customers need help. I visited a number of vendors at the ASIS show this year where “connected buildings” and “integrated mobile security solutions” were the theme of many booths. When I asked them “do you offer cyber security services?” I received blank looks or some nonsense about someone in corporate back in Germany, France or Indiana being responsible for that.
The fact is there is very limited cyber support capability for the customer base in our industry. You can integrate security systems or connect high-rise buildings but ignore the number one threat to their operation? Isn’t this why we deploy security in the first place, to protect the business and mitigate risk? In 2012 “Cyber Blindness” is no excuse.