What companies should be doing to protect their computer systems—but aren’t
Maybe stopping hackers isn’t always that hard.
That may be difficult to imagine if you follow the headlines. In late 2013, America entered the age of the megabreach when Target Corp. lost 40 million credit-card numbers to Russian-speaking hackers. Since then there’s been Home Depot Inc., Adobe Systems Inc., J.P. Morgan Chase & Co., eBay Inc., Anthem Inc., to name just a few.
The menace isn’t going away—it’s too profitable for those behind it. But there are a lot of smart people in computer security who think this barrage of headlines doesn’t have to be the new normal.
And a lot of their suggestions have nothing to do with spy-grade technology, unplugging everything from the Internet or turning cyberspace into a battlefield. (And there are credible executives, scholars and Army generals who propose all three.)
Rather, a lot of it has to do with hygiene. Or, cyberhygiene, as some call it. This includes boring things that companies ought to be doing anyway but often skip—things like regularly updating software, doing routine audits of their systems and ensuring vendors adhere to strict security standards.
So we talked to security companies, government officials and former spooks in an effort to identify the easy things that could make a difference but that many companies still haven’t tried, or are implementing very slowly.
Obviously, it’s possible the hackers are so determined and so skilled that nothing this simple will work. Some people who have spent time battling hackers up close think that’s the case. But until companies try these things, it’s premature to say this indeed is the new normal.
Source: http://ift.tt/1E26J1o