The most basic definition of a cyber attack is an attack from one computer to another. The word cyber- comes from the original word cybernetics. Cybernetics is the study of communication and control systems in living things and machines.
The category of cyberattacks we’re traditionally aware of is identity theft. I’d say the worst types of identity theft is losing financial data since the repercussions are as “vast” as the perpetrator is “creative”. According to the Bangor Daily News, today we find that intelligence gathering is the new form of cyber security that is just as much of a problem (if not more) as identity theft has been in the past. In fact it seems to be an even trickier problem than identity theft because cybercriminals are constantly updating their methods of intelligence gathering. In tandem with the evolving methods of cyber criminals, there must also be evolving methods for cyber defenders. The real problem is that “evolving” your security systems can be expensive.
Where to Start?
If you were to ask most small businesses in Maine how well equipped they are to handle a cybersecurity attack, what would they answer? Even more startling is the answer to the question: Can you describe your current security plan?
Though the answers to these questions may vary, not everything is doom and gloom. After all, the BDN article doesn’t tell us how many cyberattacks have actually taken place, nor their locations. Perhaps these statistics were omitted in the BDN article but were in fact mentioned in the statewide forum held by Sen. Angus King. The BDN article itself gives no statistics on this and should therefore not cause alarm to audience members, but it should, however, be a catalyst for starting the investigation process into the status of your organization’s security environment. The only example given in the article was of an organization that was cyberattacked, but aware of it only 200 days later. This fact is a warning to all organizastions who’ve let time go by without knowing how equipped their onsite hardware and personell are to handle an attack of such magnitude. In other words, be concerned now to prevent issues later on. According to Craig Wolf, the assistant U.S. attorney in Portland who specializes in cybersecurity said:
“There really is no breach or intrusion that is too small to report. What may seem to be a minor breach from an individual company’s standpoint may be part of a much larger attack. [Cybercrime] is no different from someone breaking into your house and stealing items, except in this case what is being stolen is valuable ones and zeroes.”
Michael Leking, a Northeast advisor for the U.S Department of Homeland Security, echo’s this importance:
“It’s very important to understand the nature of the data you have. I wish I could envision what business is going to be attacked next, but the reality is that everyone is at risk.”
Are small businesses equipped to deal with a cybersecurity attack? Are employees aware of new and robust security measures?
Small businesses in Maine can look towards experts such as those speaking at these seminars, blogs or community events to stay informed in the cybersecurity world. If you are a small business that is reading this blog or the BDN article, consider the last time you reviewed your on-premises security layout. It’s always good to review this every few years.
After reading the BDN article you may think that workplace training and creating a superior firewall are the only weapons you have against a pending cyberattack. These suggestions given by Craig Wolf and Michael Leking are accurate, but the panacea they offer is for onsite management of cybersecurity only. Again, this is according to the BDN article which gives no mention as to how the cloud (a very popular and current buzzword) would provide a small business some of the best of technology for security. Moving your infrastructure to a hosted facility ensures that you obtain the highest standard of security. Because the cloud host provider is protecting servers from many organizations they have the incentive to invest heavily in the highest security protocols.
During the statewide forum, Senator Angus King said in a recorded message; :
We’re probably the most vulnerable people in the world because we’re the most wired people in the world. Protection has to begin at your server, at your computer and at your desktop.
First, this comment speaks to the growth of the “internet of things” which represents a society that is connected to the internet by various devices which all produce and accumulate data. All data from the internet eventually resides on a server because it’s where data is accessed. For example, most of Wikipedia’s data resides on a server farm in Virginia. This data is shared. But do most organizations have the funds to create the type of security data center that Wikipedia has?
Let’s travel to an article written by Barnes and Thornburg titled, Cloud Computing & Cybersecurity. This is a great article. There are many great resources online that explain how cloud computing can solve many technology related issues (like cybersecurity). At the same time, keep in mind that nothing – not even the onsite management of your data center – can give the 100% guarantee of up time. This is true of any industry where liabilities (either physical or data related) can occur. When you manage your security onsite your own organization is liable for a breach. A cloud provider will provide this agreement in their SLA. The term is called High Availability, and it is there to provide an agreed upon level of performance and uptime. Cloud technology can be a tremendous benefit for those concerned with cybersecurity.
The article’s first paragraph says:
Buying and constantly upgrading servers and other hardware is said to be unnecessary. The need for a large IT staff is diminished. Many cloud providers claim they provide higher levels of security and uptime than typical networks. In short, it is argued that cloud computing provides the next generation of IT resources through a platform that is cheaper, scalable and more easily managed than local networks.
Let us ask ourselves if this pinpoints areas of the BDN article related to cybersecurity. In the first paragraph, Barnes and Thornburg choose to make security a related term in their portrayal of how cloud computing is beneficial to organizations. If Sen. King’s statewide forum created more awareness on cybersecurity it may in tandem create more awareness on cloud computing. The article by Barnes and Thornburg mentions “security” five times within their article, showing the importance this has in litigating business agreements between vendors promising to ensure it and clients desire to have it.
In Maine, businesses cannot always rely on hiring the right personnel to manage cybersecurity. Moving your systems to a secure cloud environment alleviates this necessity but it also goes one step further; It alleviates you having to hire service professionals. Organizations in Maine should, and can, begin the investigation into cloud technology by asking themselves whether their environment can handle a cyber attack. Afterwards, they should ask the same question to a potential cloud provider, such as, “We’re thinking of moving our servers into your secure, cloud environment; how and why is your environment safer?”
Data center providers exist New England. Ask them for a tour of their facility. These companies will give you a free assessment of your environment by professionals who manage servers and security on a daily basis. They do this all day, 365 days per year! Take advantage of this accumulation and focal point of expertise. Also, take notes on your tour. Write down what programs they use to defend your servers both physically and with software. When you’re back at home, research the software company to see if they’re at the cutting edge of security. Remember that when you choose a cloud provider to host your data center, the software they use should reflect innovation, forward thinking, and more importantly, stability.
In order to earn your business, they should be able to explain why moving your servers to their environment is superior to continuing your management of them onsite.
If you would like suggestions for great cloud providers in New England, let me know.