The Growing Need for Cyber Security
by Tony D’Altorio, Investment U Research
Friday, June 10, 2011
There have been a number of shocking events over the past year and a half in the world of cyber security.
Some of the events include: mass breaches of consumer information at Sony (NYSE: SNE) and elsewhere, the Stuxnet worm’s stealthy attack on the Iranian nuclear program, the security breach at defense contractor Lockheed Martin (NYSE: LMT) and the Chinese electronic break-in at Google (Nasdaq: GOOG).
These events led U.S. Attorney General Eric Holder to comment recently, “Cyber crime threatens the security of our systems as well as the integrity of our markets.”
Such breaches of security have forced a broad recognition that, despite the difficulties, all those using the net must accept cyber security as part of their mission.
Cyber Intrusions Accepted As The New Normal
Cyber intrusions are fast becoming the norm at even the world’s most technologically sophisticated companies. This surprisingly includes some companies that have cyber security as their main mission.
One such example is the problem this year at RSA, the security company owned by EMC (NYSE: EMC). This problem prompted the National Security Agency to warn that RSA’s SecurID keys, with fast-changing numeric passwords, should no longer be sufficient to grant access to critical infrastructure. The compromised security keys were involved in the May hacker attack of Lockheed Martin.
Security breaches are also becoming more wider-reaching. And are not just one-time assaults like the attack on Sony, which revealed details on 100 million users of its online gaming networks.
Consumers’ computers are increasingly at risk directly from virus infections that are undetected by standard security software and that do more harm than their predecessors.
The fastest growing types of infections install software that records keystrokes, including logins and passwords. Then the data is whisked off to overseas criminal gangs that make use of consumers’ personal information.
Two Fast-Growing Phenomena Compounding Cyber Threats
Compounding and uniting these cyber threats are two fast-growing phenomena:
At social networking sites, individuals often give all sorts of clues about themselves that can be used against them in phishing scams. Also, users at these sites have been “trained” to click on shortened web links… web links that could lead to malicious pages.
Targeted emails to employees are the delivery method of choice for intrusions such as those at Google and RSA. These emails were made more credible by public information gathered on employees at various social networking sites.
These are devices generally controlled by employees but often have widespread workplace access. These devices are just beginning to be targeted, in earnest, by hackers.
What’s surprising here is how antiquated the thinking is at many businesses. Many times smartphones and tablets are issued to employees without encryption, authentication, or anti-malware software.
Defending Against Cyber Criminals and Hacktivists
The advances in software and the increasing use of the internet has made the defense against cyber crime more difficult, not easier.
The Attorney General put it best when he said, “For every technological or commercial quantum leap, criminals and criminal syndicates have kept pace.”
In effect, these criminal gangs are great capitalists. They make money from one scam and reinvest the money into new research and development to stay ahead of the cyber security profession. And they pay their “professionals” top dollar to keep them happy and hacking.
Then there’s the problem quite apart from criminal activity. There’s growing evidence of politically motivated attacks over the internet, targeting various organization and companies, from so-called “hacktivists.”
Hacktivists usually use techniques involving relatively unsophisticated malware, but which use the sheer weight of numbers. These types of attacks have brought down systems belonging to companies including PayPal and Visa (NYSE: V).
The danger is that hacktivists don’t operate on a profit and loss basis. So tools and techniques that may deter criminals because of the high cost involved in getting around security measures will not work on hacktivists.
The result is that businesses today are forced to defend themselves on two fronts:
The IT industry has been playing catch-up with hackers and cyber criminals for decades. And the problem is just getting worse. Look for this “war” without end to continue, and for smart investors to profit.
Good investing,
Tony D’Altorio