It’s not the network they want, it’s the data
The recent disclosures of the data hack at the Office of Personnel Management (OPM) remind us that data is now a valuable commodity. As “big data” proliferates, so do the targets. Data drives decisions on markets, deals, and even sports. The still unfolding hack of the Houston Astros baseball team points out that even obscure data may be the target of an attack.
In traditional state vs. state espionage, the target is the other nation’s plans and capabilities. Foreign governments are trying to gain an edge. In an article in Defense One, Robert Knake highlights 5 Chinese cyber-attacks that could be even more damaging to U.S. interests. Those attacks targeted not only military information but issues as diverse as freedom of speech and critical infrastructure systems controlled by dozens of private sector companies. Recently publicized activity indicates that China is involved in commercial espionage as well. Industrial espionage allows companies to steal the intellectual property of others and avoid the time and expense of research and development.
What then are the options for protecting your data? Encryption offers a defense. As discussed in a recent blog post by Carolyn Schrader, data encryption should be part of your standard cyber defense toolkit. While encryption carries a cost in terms of time and computing power, it should be considered an investment in security. The second security practice is multi-factor authentication. In the OPM case, the attackers obtained valid credentials (usernames and passwords). Social engineering is quite useful for obtaining this type of information and has figured in any number of cyberespionage and cybercrime cases. The advantage of multi-factor authentication is that a password alone is not enough. The attacker needs a second factor to access the system. The recent hack of password storage provider LastPass shows the importance of multi-factor access control. For those that used multifactor authentication, their data is still encrypted and protected.
If your’re interested in learning more about this topic visit my blog.
Bottom line: if your data is important to you, it is likely interesting to someone else as well. It should be protected by something more than a simple password.
Gerwitz, D. (2015 6–16). LastPass hack reinforces importance of using multi-factor authentication. Retrieved June 17, 2015
Knake, R. (2015 6–15). 5 Chinese Cyber Attacks That Might Be Even Worse Than the OPM Hack. Retrieved June 17, 2015