As Sony struggles to restore the PlayStation Network (PSN), the effects of neglecting the dangers of cyber criminals are starting to play out in the public domain. There was once a time when hackers were not really interested in causing complete chaos and focused instead on stealing from corporations. That norm is now changing. We are starting to see what looks like all-out warfare against anyone with an online service, with no distinct motives. Sony in particular faces a dire situation, as they failed to fully disclose the nature of the attacks to their users.
Last year, a worm called Stuxnet surfaced, with its main target being the Siemens software that is used by Iran's nuclear plant facility. This was a sophisticated worm that disrupted a high number of systems in Iran but fell short of the main target, which would have been a headline-grabbing move.
Earlier this month (April 2011), it was reported that a major law firm on Bay Street, Toronto was the subject of hacking and information harvesting. The hackers were seeking files relating to mergers and acquisitions. The attacks lasted seven months until they were foiled.
The long and short of this is that attacks are becoming very diverse and varied in nature. If you really care about your services or the information you hold, you have to be on constant alert. You cannot take the likelihood of being compromised lightly. The nature of the internet today also makes it even harder to get by without a proactive defense system. You are no longer protected by using simple firewalls. It is also known that a huge percentage of attacks are initiated from behind the firewall. This is where your security team needs a sophisticated approach to protecting assets. Every node and every access point on the network has to fall within an elaborate plan for a layered defense security approach: not just security at the perimeter, but security that encompasses physical, administrative and logical channels.
Anyone still thinking that security measures are not quantifiable should take a good look through the newsreel to understand that one breach and the negative publicity that follows can turn into a sizable loss of revenue that would cost more than appropriately investing to protect your assets and users from attackers.