Preparing for cyber attacks must be multifaceted

These days, cybersecurity threats are outpacing the technology that protects sensitive data. And, new threats are popping up faster than the legal framework that governs data privacy and security can catch up.

 Most of these data breaches fall into three categories: Those motivated by financial gain; Breaches of U.S. government organizations by foreign governments to steal government secrets for military, intelligence, economic or other foreign policy gains; and then Cyberextortion. These primary categories highlight the diversity of hackers’ targets and the creativity of their methods, and the frequency of these hacks demonstrate the inadequacy of traditional approaches to cybersecurity.

Inside Counsel recently sat down with Peter Toren, partner, Weisbrod Matteis & Copley, to discuss the new approach that must be taken to protect sensitive data from hackers of all types.

So, why do we have to be multifaceted when preparing for cyber attacks these days? There are two key reasons, according to Toren. First, attacks can come from a variety of sources, external (international, domestic) or internal (employees, contractors, etc.). For external, companies must have strong firewalls and systems that not only prevent outsiders from breaking into the company's computer system, but also will not notify responsible officials that the company is under attack so further preventive measures can be instituted. With regard to internal, a company must have in place strong internal controls to prevent employees from accessing information that they are not authorized to use.

“These controls are very different from preventing outsiders from hacking into the computer system and are equally important since studies have shown that employees pose a significant risk to a company's computer system and proprietary information,” he explained.

Cybersecurity threats are outpacing the technology that protects sensitive data. “The resources of the bad guys is much greater than what is being spent to defeat the bad guys,” said Toren.  “Many companies (not all) would rather not spend as much money as required on computer security because computer security is not a profit center and companies would rather hope that they don't become the victim of a computer hack.”

On the other hand, the reason for the bad guys is to hack into companies and steal information for financial gain. Computer systems and the Internet were originally designed to be open systems and it is difficult to make secure a system that was not originally designed to be secure.

These emerging threats are popping up so fast lately because of the value of the financial value of the information that is at-risk, according to Toren. For many companies the value of their intangible assets exceeds the value of their tangible assets. Unlike a tangible asset, such as a factory that cannot be stolen, intangible assets, such as a trade secret, are at risk from theft.

He said, “We have been living in an information age for some time and the value of information, whether it be credit card numbers or trade secrets, is only increasing.”

According to Toren, to combat these threats, companies should devote resources towards protecting valuable information from external and internal threats.

“This is not a one-time expenditure,” he said. “But companies should act on an ongoing basis and consistently update their defenses/systems as new and different threats materialize.”

Related stories:

Study: When it comes to privacy, no company is perfect

Cyber attacks and litigation expected to jump in 2016

The game plan for closing the SecOps gap

Cyber breaches & insider threats drive usage of forensic data analytics

Contributing Author

author image

Amanda Ciccatelli

Amanda G. Ciccatelli is a Contributing Writer for InsideCounsel, where she covers intellectual property, patent litigation, cybersecurity, innovation, and more. She earned a B.A. in...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.