By CALVIN PYNN
As technology continues to develop and evolve, it’s inevitable that crimes will evolve along with it as more and more people depend on the Internet as a medium to use their sensitive, personal information.
Just as people have their information hacked every day, businesses are just as vulnerable. SyCom Technologies, located in Roanoke, works against that threat, providing and integrating solutions for entities all over Virginia, as well as the east coast.
Two of SyCom’s employees, Senior Advanced Engineer Darren Manners and Solutions Architect Allen Surface, came forward to suggest how small businesses in Pulaski can protect themselves from cyber crime.
In his position, Manners’ responsibility is to break into a company’s computer system to mimic what hackers and other cyber criminals do to test them, and make sure their prevention and detection techniques are up to speed.
According to Manners, when he tests an organization, he sees repetitive issues, which could be as simple as a default username and password or systems that are not patched. They could also be as sophisticated as emails with links that lead to malware, which many people open without a second thought, from which hackers can steal their personal information.
“The way the increase in cyber security is, to look at it, you’ve got to step 10,000 feet back to see how things have moved,” said Manners. “If you imagine what there is online, what the illicit, illegal action is, you’ve got pornography, gambling, illegal software services, counterfeit, hacker on hacker attacks, forwards, identity theft, even trading personal identifiable information.”
Manners also said that a lot of smaller companies don’t consider themselves to be massive targets because they lack association with larger companies. In reality, smaller companies have access to the larger ones, which opens them up to supply chain attacks, where hackers will attack the smaller companies to gain access to the larger organizations they work with.
According to Manners, this is what caused the Target security breach a few months ago. He also listed some basic steps businesses can take to protect themselves.
“If people patch their systems, if they don’t use default usernames and passwords, and if they limit their threat surface, and don’t click on everything that turns up in their email inbox, those are some ways they can start protecting themselves,” said Manners.
Surface, who designs solutions for network architecture, said cyber criminals have developed a new way of thinking, as they hone in and find their victim’s weak points.
“Attacks are becoming more targeted, and more sophisticated than before,” said Surface. “Instead of attackers trying to bombard a company with a bunch of attacks like an email phishing, it’s becoming much more intelligent, isolated and sophisticated in the sense that they are targeting individuals and entities within an organization.”
According to Surface, it boils down to the fact that customers need to not just rely on traditional firewalls and hardware to protect them. Although those are necessary tools, it goes much deeper than that.
“It’s about having that overall security protocol within an organization that they abide by,” said Surface. “They’re not chasing down the symptoms, but they’re fixings the things that are causing the issues in general.”
Manners also pointed out that cyber crime is something that happens on a global scale, and could require enforcement from a higher authority. One solution he suggested was to give more power to the Internet service providers to switch the connections to the criminals off.
“We have to take the big picture view of things,” said Manners. “It’s not just companies that have to be able to do things, but governments as well.”
In recent years, agencies such as the F.B.I. and Secret Service have stepped up their efforts to catch cyber criminals, while the United States has been prosecuting an increasing number of those criminals within the country. However, Manners said that they should focus more on catching criminals who attack from abroad.
“If we just sit here and don’t do anything, its just going to increase,” said Manners.
According to Surface, cyber crime is a profitable business for the entities that commit it. One organization he cited was the Russian Cyber Criminal Network, which accounts for 30 percent of all kinds of different attacks, and pulled in $4.5 billion in 2011, out of a total $12.5 billion stolen through cyber crimes that year.
“Essentially, people are making money off of it, so you’re going to see a rise in it,” said Surface. “As more and more things rely on technology, the more and more this is becoming an issue.”
With the increase in cyber crime in recent years, people have seemed to start paying attention to its effects. New regulatory requirements are also on the horizon, such as PCI (Payment Card Industry) 3.0 regulations, which organizations have to adhere to if they store or transmit processed credit cards, which will take effect in 2015.
“People are starting to see the tipping point, especially after the Target breach,” said Manners. “What happened was everyone understood that there is an impact on the end user, so governments are starting to take notice.”
Despite that, he added that regulatory compliance helps, but it is only a minimum.
“It only helps to a certain extent, and even then, they have to find the companies that adhere to that,” said Manners.
New developments are coming along, and therefore people are becoming more secure by default. Still, according to Surface, it all comes down to individual responsibility, as people need to start taking care of themselves and their personal information.
“You can have the best technology in the world, but if you go about setting up usernames and passwords and leave them open on the Internet, then you’ve got an issue,” said Surface.