People, processes and technology: A winning combination in the fight against cyber crime
Cyber crime has certainly increased in magnitude and latitude in recent years. Today, malicious cyber behavior costs global citizens more than $1 trillion, impacting businesses of all sizes, jeopardizing the safety of millions of individuals and compromising the security of government organizations across the world.
Unfortunately, it's unlikely that cyber crime will decline anytime soon, which means that the world's citizens must remain vigilant and brace for still more attacks. Meanwhile, enterprises, service providers and government organizations are investing in cyber security software of all sorts, driving exponential growth in the market. In fact, a report by Global Industry Analysts, Inc. estimates the cyber security market will reach an incredible $80.02 billion by 2017.
While investment in technology is certainly the first line of defense, it alone is insufficient to fight cyber crime, and will never be able to morph quickly enough to keep pace with innovative cyber criminals. Rather, a triumvirate -- people, processes and technology (PPT) -- is integral to winning the war against cyber crime.
Assembling a coalition
It's a simple premise: Without the attention of well-trained people, or "cyber warriors," and without policies for governance and control of applications, our IT networks are left vulnerable to attacks. Consider just how many networks are compromised because of “social attacks.” You receive an email from a source like PayPal or Chase or Wells Fargo. The email appears to be real, with no telltale spelling errors. A link is included, disguised as a real URL. But if you right-click on the link, the address shows that the message actually leads to a foreign country or even a random U.S. city where the company doesn’t have any presence -- and directly to the cyber criminals who are awaiting access to your personal or company data.
Technology may be able to help somewhat in this circumstance, but in reality, intense employee training is even more critical in order to educate the masses and spread awareness about cyber security and the variety of tactics criminals employ to gain access to networks and sensitive information. Security and network employees must be trained to keep a vigilant eye on their networks' traffic patterns to discern the anomalies that are a precursor to new and different levels of attacks.
Governance or policies must also be addressed. A recent study conducted by Narus, Inc., in conjunction with the Ponemon Institute, queried CIOs and CISOs about how technology might improve their company’s security posture and cyber readiness. One question -- "Where is your organization’s cyber readiness most deficient?" -- yielded significant insight. The overwhelming majority of respondents indicated that their companies were most deficient in professional and competent staff (the people factor); a deficiency in governance (policy) came in at a very close second. Technology was a distant third.
There has been some progress in addressing cyber security outside of technology. Historically, a lack of information-sharing between the public and private sectors has impeded partnerships necessary to properly address cyber threats. Now, this challenge is slowly dissolving, with more emphasis on putting cross-agency cooperation in place to ensure a more focused approach to security.
Another trend in fighting cyber crime lies in a coalition of forces -- an “ecosystem” -- comprising strategic alliances, technical relationships, and partnerships among leading security companies and systems integrators. This cyber security ecosystem is designed to provide a holistic approach to cyber security, using both loose and tight integration of complementary products, technologies and services.
Still, most technologists feel that the solution to the war on cyber crime lies in better technology. Admittedly, there seems to be a pervasive attitude that the addition of another module here and an upgraded box there will adequately protect our critical networks. The reality is that solving the problem of cyber security and making sure government IT, critical infrastructure and carrier networks are safe requires a well-thought-out plan that integrates PPT. Only when we are able to address PPT in concert will we have a better chance of maintaining and protecting the integrity of our IP networks.
Greg Oslan is CEO of Narus. He can be reached at: