April 2017 Digital Edition

Click Here

March 2017 Digital Edition

Click Here

Feb. 2017 Digital Edition

Click Here

January 2017 Digital Edition

Click Here

Nov/Dec 2016 Digital Edition

Click Here

Oct 2016 Digital Edition

Click Here

Technology Sectors

Market Sectors

People, processes and technology: A winning combination in the fight against cyber crime

Greg Oslan

Cyber crime has certainly increased in magnitude and latitude in recent years. Today, malicious cyber behavior costs global citizens more than $1 trillion, impacting businesses of all sizes, jeopardizing the safety of millions of individuals and compromising the security of government organizations across the world.

Unfortunately, it's unlikely that cyber crime will decline anytime soon, which means that the world's citizens must remain vigilant and brace for still more attacks. Meanwhile, enterprises, service providers and government organizations are investing in cyber security software of all sorts, driving exponential growth in the market. In fact, a report by Global Industry Analysts, Inc. estimates the cyber security market will reach an incredible $80.02 billion by 2017.

While investment in technology is certainly the first line of defense, it alone is insufficient to fight cyber crime, and will never be able to morph quickly enough to keep pace with innovative cyber criminals. Rather, a triumvirate -- people, processes and technology (PPT) -- is integral to winning the war against cyber crime.

Assembling a coalition

It's a simple premise: Without the attention of well-trained people, or "cyber warriors," and without policies for governance and control of applications, our IT networks are left vulnerable to attacks. Consider just how many networks are compromised because of “social attacks.” You receive an email from a source like PayPal or Chase or Wells Fargo. The email appears to be real, with no telltale spelling errors. A link is included, disguised as a real URL. But if you right-click on the link, the address of the message is transported to a foreign country or even a random U.S. city where the company doesn’t have any presence -- and directly to the cyber criminals who are awaiting access to your personal or company data.

Technology may be able to help somewhat in this circumstance, but in reality, intense employee training is even more critical in order to educate the masses and spread awareness about cyber security and the variety of tactics criminals employ to gain access to networks and sensitive information. Security and network employees must be trained to keep a vigilant eye on their networks' traffic patterns to discern the anomalies that are a precursor to new and different levels of attacks.

Governance or policies must also be addressed. A recent study conducted by Narus, Inc., in conjunction with the Ponemon Institute, queried CIOs and CISOs about how technology might improve their company’s security posture and cyber readiness. One question -- "Where is your organization’s cyber readiness most deficient?" -- yielded significant insight. The overwhelming majority of respondents indicated that their companies were most deficient in professional and competent staff (the people factor); a deficiency in governance (policy) came in at a very close second. Technology was a distant third. 

Embracing PPT

There has been some progress in addressing cyber security outside of technology. Historically, a lack of information-sharing between the public and private sectors has impeded partnerships necessary to properly address cyber threats. Now, this challenge is slowly dissolving, with more emphasis on putting cross-agency cooperation in place to ensure a more focused approach to security.

Another trend in fighting cyber crime lies in a coalition of forces -- an “ecosystem” -- comprising strategic alliances, technical relationships, and partnerships among leading security companies and systems integrators. This cyber security ecosystem is designed to provide a holistic approach to cyber security, using both loose and tight integration of complementary products, technologies and services.

Still, most technologists feel that the solution to the war on cyber crime lies in better technology. Admittedly, there seems to be a pervasive attitude that the addition of another module here and an upgraded box there will adequately protect our critical networks. The reality is that solving the problem of cyber security and making sure government IT, critical infrastructure and carrier networks are safe requires a well-thought-out plan that integrates PPT. Only when we are able to address PPT in concert we will have a better chance of maintaining and protecting the integrity of our IP networks.

Greg Oslan is CEO of Narus. He can be reached at:

[email protected]

 

Recent Videos

HID Global is opening the door to a new era of security and convenience.  Powered by Seos technology, the HID Mobile Access solution delivers a more secure and convenient way to open doors and gates, access networks and services, and make cashless payments using phones and other mobile devices. ...
Mobile device forensics can make a difference in many investigations, but you need training that teaches you how to get the most out of your mobile forensics hardware and software, and certifies you to testify in court. Read this white paper to learn how to evaluate mobile forensics training...
PureTech Systems is a software company that develops and markets PureActiv, its geospatial analytics solution designed to protect critical perimeters and infrastructure.  Its patented video analytics leverage thermal cameras, radars and other perimeter sensors to detect, geo-locate, classify, and...
PureTech Systems is a technology leader in the use of geospatial video, focusing on perimeter security.  When combining geospatial capabilities with video analytics and PTZ camera control, managers of critical facilities can benefit by allowing the video management system to aid them in the process...