Cybercrime As An Economic Threat

Speaking on Good Morning America this morning during a report on the terror threat, former counterterrorism czar Richard Clarke pegged cyberthreats as just as, if not more, serious than the next iteration of the underwear bomber. "Every day major corporations in the country lose their intellectual property, their corporate secrets, without even knowing it, to successful Chinese hacks" says Clarke. "This is the real big threat, because it takes away our economic advantage."McAfee's George Kurtz in a blog post called these advanced persistent threats "the equivalent of the modern drone on the battlefield" in that they deliver their payloads with way too much accuracy.

As if organized cybercriminals trying to siphon off credit card data wasn't enough to worry about.

Security experts argue that it's nearly impossible to prove that attacks even originate in China, much less that the government is sponsoring electronic espionage. For enterprise IT pros charged with keeping data safe, though, the who and where matter less than the how of protection.

That's why I wanted to do a roundup of the security-focused InformationWeek Analytics reports you can download now. These guides, written by such noted security experts as Savid's Micheal A. Davis and WaveGard's Rick Dreger, cover topics ranging from encryption to data-centric security (both with exclusive research) to compliance and physical/logical security convergence.

For example, in our Data-Centric Security research report, we explore the link between adoption of DLP and data-focused security and detail best practices to become more focused on data.

In our Physical and Logical Security Convergence report, we point out that no longer can companies justify duplicative security spending, especially since newer physical security products are heavily IP based. After all, the government put a stake in the ground years ago via HSPD-12; since then, our tax dollars have subsidized plenty of convergence R&D, and it's time to take advantage.

When you talk about how to protect data, encryption is on anyone's short list. Yet, even though many regulations and compliance frameworks require encryption for data in motion and at rest, only 14% of respondents to our survey say that encryption is pervasive. YEah, we were surprised too. In this report we discuss where sensitive data is going unencrypted and what's holding IT back.

In our 5 Steps to Data-Centric CyberSecurity report, we discuss how government agencies that outsource major applications to the private sector are further abstracting system boundary and perimeter concepts. The answer, again, is a shift in thinking away from yesterday's security approaches and toward data-centric protection via technologies like encryption, data loss prevention and strong access controls.

Finally, in our Database Activity Monitoring report, we help security-conscious organizations tackle the complexities involved in effectively monitoring databases for potential leaks and compromises and discuss what enterprises need to know about selecting, deploying, and managing DAM technology.