Welcome

Thank you for visiting Paducahsun.com, online home of The Paducah Sun.

Calendar
June 2012
S M T W T F S
27 28 29 30 31 01 02

Click here to submit an event.

CIA's data breach and your business

BY MICHAEL RAMAGE

WikiLeaks recently published several documents reported to be from the Central Intelligence Agency, revealing a glimpse into the digital secrets of the CIA's hacking ability and digital espionage tactics. The release of information is so large that it is hard to comprehend, but what does it mean for your small business? Should it change what your small business does in cyber security strategy or affect what you can do?

According to WikiLeaks, an anti-secrecy organization, thousands of CIA files have been leaked to it and will be released on the WikiLeaks website over time. Currently, there are nearly 9,000 CIA files that have been recently published on the website. The release confirms what many have suspected for years. The CIA has a vast number of offensive cyber weapons at their disposal. These cyber weapons could target any person or organization anywhere in the world.

According to the reports, the CIA has weapons that can attack a variety of operating systems like Windows, iOS, Android or even programs running on those systems, such as WhatsApp.

They also have tools that can collect information on specific computers or individuals. The documents detail weapons that can take over web cameras, turn a thumb drive into a listening device and use a phone to record conversations.

Maybe more concerning, the reports indicate that the CIA also purchased cyber weapons from third parties.

Scary, right? Sure, all of the information that has been leaked is scary. From a privacy standpoint, it could cause people to question what is truly private and what is truly protected. However, I look at the disclosure a little different.

I have always assumed that the CIA, and similar organizations, have been capable of the actions recently reported. If they wanted to target me, I would assume they had the capability and tools to do it. Is it disconcerting? Sure, but it saves me from being worried about it.

The breach and release of information is definitely an embarrassment to our security agency. The documents have created an international crisis in which foreign governments may question our motives and even actions, but what does it mean for a small business or businesses in general?

Generally, it may mean that the development of the Internet of Things (IoT) could slow down over privacy concerns. It could mean activities requiring confidential or sensitive information being held on phones or tablets slow down. New voice activated devices, such as the Amazon Echo, could be less accepted by society than current levels.

From a positive standpoint, it could mean that companies patch their known vulnerabilities faster. It also means that more companies will purchase cyber insurance, ensuring that their plans cover all possible costs, including revenue lost during the breach. However, it is possible that premiums could go up.

But what about a small business? I often advise businesses to ignore the attacks that involve a huge expense and targets a particular business. For example, the Stuxnet virus targeted a specific computer running a specific programmable logic controller running a specific nuclear facility in a specific part of Iran. It was very focused and cost a large amount of money. If the organization that created the Stuxnet virus targeted your business, there would be very little you could do about it.

The CIA breach should not change much about your cybersecurity strategy. Yes, there are more avenues into your system than previously known. Yes, there are chances that bad actors could obtain these tools. Your business should consider the risks, but also realize that the larger risks to your organization haven't changed.

The same five security recommendations still apply:

n Create a security policy and follow it.

n Use strong passwords.

n Provide user awareness training regularly.

n Invest in security technologies, in a layered defense in depth manner.

n Regularly conduct audits/assessments of your company's security.

Your company has a better chance of being hacked due to a weak password than being targeted by the CIA. Your company has a better chance of getting ransomware due to someone clicking a link in a phishing email than your company being specifically targeted by the CIA.

If your organization was truly targeted in a large and focused way by the CIA or similar organization, would it be worth their effort? There are some businesses that are working in areas of national security. For the bulk of businesses in the region, it isn't that important. And frankly, if it was worth it, your business probably can't afford to stop it.

Focus on the attacks that you can prevent and are likely to occur. Your business has only so many resources to invest in security.

Focusing on the CIA capabilities is likely not the best use of resources. It is definitely a data point to include, but do not let it alter your company's security strategy.

Michael Ramage is the director of the Center for Telecommunications Systems Management (CTSM) at Murray State University. CTSM conducts research in the various areas of technology as well as serving as a liaison between the academic and private sectors to see that a sufficient technology workforce is available. He can be reached at mramage@murraystate.edu or 270-809-3987 for questions or more information.

Comments made about this article - 0 Total

Comment on this article

Your comment has been submitted for approval
captcha d4670b7d9b8b4104aff5dcf837fc6eac
Top Classifieds
  • Labrador Pups $500 839-1198 Details
  • MINI Aust. Shepherd pups, $170. 270-9 ... Details
  • HAVANESE PUPS AKC Home Raised, Best H ... Details
  • SEEING is believing! Don't buy p ... Details
  • Details
  • Beautifully &Totally Renovated Co ... Details
  • House for SaleAurora, KY2 Bdr, Liv RM ... Details
  • Lower town Condo w/ garage, Leslie He ... Details
  • AUTOMOVER SPECIAL6 lines - 14 dayson ... Details
  • Red 2013Ford Taurus Loaded30,000 + mi ... Details
  • 2007 NissanAltima Hybrid147,000 miles ... Details
  • 2002 HARLEY DAVIDSON "BAD BOY&qu ... Details

Most Popular
  1. Cutlines for decor spread
  2. Home Away from Home Southern Grace Assisted Living
  3. Southern Style in the Summertime
  1. New Paducah ice cream shop a fresh, family affair
  2. Joe Ford Jr. found dead in wreck off I-24
  3. Gander Mountain store will reopen
  1. Cutlines for decor spread
  2. Home Away from Home Southern Grace Assisted Living
  3. Southern Style in the Summertime
Discussion

Check out these recently discussed stories and voice your opinion...