May 6, 2015   


Hackers: What Security Means to North County Businesses

 By Ted Harrington


Hackers are wreaking havoc on businesses. Take the high-profile attack against retailer Target, where experts[1] estimate that damages could soar as high as $5.3b, with costs spanning incident response, litigation, fines, customer exodus, and lost profit. The Target breach represented the first time that the CEO of a non-tech company was forced to resign due to a security incident. If ever there was a bell toll for corporate executives that security is a business-critical mandate, and not "just an I.T. problem," this was it.


Corporate executives and their boards have been scrambling to adapt in the face of this daunting challenge. Today's adversaries are very skilled, and are motivated to attack businesses for reasons such as the desire to:

  • steal intellectual property or other data assets;
  • cause reputational harm; or
  • make a political statement.

These modern adversaries have become extremely sophisticated, their attack methods are ever-evolving, and traditional defenses alone are no longer effective.


However, enterprises should not lose hope. There are techniques that all companies can adopt to deploy a more effective defensive posture. Here are a few:


1. Secure Assets, Not Just Perimeters. In today's highly interconnected environments, third-party solutions are so widely integrated that the distinction between "internal" and "external" has become quite blurred. Modern adversaries often attack a victim's trusted vendor to ultimately compromise the victim. Businesses can account for these attacks by building layers of defense-in-depth, a paradigm which assumes that the adversary is already in. Start by identifying your most valuable assets, and then build layers of defense emanating outwards from there.


2. Build Security In, Not Bolt It On. The most effective way to build systems that protect assets is by building security into each stage of the process. As a system or infrastructure is being built, new features and functionality are added, which inevitably introduce new attack surfaces. When building security in, the security of these attack surfaces is considered at each of the various stages of development, and as such the risk is significantly and consistently reduced throughout the entire development process. By contrast, organizations that only consider security at the end of the development process are unable to effectively mitigate risk at the moment when new attack surfaces are introduced.  


The economy of North County San Diego is driven by market verticals very desirable for hackers to attack, including hospitality, bioscience and a collection of other industries dense with intellectual property. By deploying security strategies that are effective against a highly skilled adversary, the region stands a chance at protecting the valuable digital assets that drive this economic engine.


Ted Harrington drives thought leadership initiatives for his security consultancy, Independent Security Evaluators[2]. He was recently named 40 Under 40 by SD Metro Magazine, where he was not only one of the youngest inductees in the class but was also the only honoree from the field of information security. He holds a bachelor's degree from Georgetown University.