Cyber espionage is not a problem only the federal government deals with. Companies, both public and private, that rely on the Internet are being targeted as well.
Cyber attackers are becoming more skilled at stealing massive amounts of data over long periods of time, and many businesses are unaware of a breach in their computer networks until the damage is done. Cyber espionage sophistication and attacks are expected to increase; therefore, U.S. companies need to begin looking at their cyber security in more depth.
The steps below can stop some intrusions, or at least help to detect them more rapidly and minimize damage:
- Avoid complacency; don’t think it can’t happen to your company.
- Assume your network has already been penetrated and change strategy from reactive to proactive.
- Cyber security has to be dealt with strategically at senior management levels.
- Get rid of the silo approach; security is a business issue as well as an IT concern.
- Develop measures for centrally controlling and monitoring what devices can be attached to corporate networks and what data can be stored on them.
- Separate the perimeter from the core; a sound perimeter defense alone is not adequate to protect against penetration.
- Conduct regular penetration testing of company infrastructure and third-party shared network systems.
- Use two-factor ID or long passphrases.
- Layer security and segment data.
- Identify and isolate the “crown jewels” and implement compartmentalized access procedures.
- Assign threat focus areas. Don’t get distracted by the small, unsophisticated attacks. Filter them out and concentrate on the more serious ones.
- Be more open. Disclose the breach to partners first, then the public. The SEC requires public companies to disclose security breaches.
- Think twice about entering into a joint venture with a Chinese company. The potential for losing IP is significant. Stealing IP is an accepted business practice in China and there are no negative consequences.
- Be judicious about hiring. Nation-states often recruit their foreign nationals who work for U.S. companies for cyber espionage purposes, appealing to their sense of patriotism.