These days, cybersecurity threats are outpacing the technology that protects sensitive data. And, new threats are popping up faster than the legal framework that governs data privacy and security can catch up.
Most of these data breaches fall into three categories: Those motivated by financial gain; Breaches of U.S. government organizations by foreign governments to steal government secrets for military, intelligence, economic or other foreign policy gains; and then Cyberextortion. These primary categories highlight the diversity of hackers’ targets and the creativity of their methods, and the frequency of these hacks demonstrate the inadequacy of traditional approaches to cybersecurity.
Inside Counsel recently sat down with Peter Toren, partner, Weisbrod Matteis & Copley, to discuss the new approach that must be taken to protect sensitive data from hackers of all types.
So, why do we have to be multifaceted when preparing for cyber attacks these days? There are two key reasons, according to Toren. First, attacks can come from a variety of sources, external (international, domestic) or internal (employees, contractors, etc.). For external, companies must have strong firewalls and systems that not only prevent outsiders from breaking into the company's computer system, but also will not notify responsible officials that the company is under attack so further preventive measures can be instituted. With regard to internal, a company must have in place strong internal controls to prevent employees from accessing information that they are not authorized to use.
“These controls are very different from preventing outsiders from hacking into the computer system and are equally important since studies have shown that employees pose a significant risk to a company's computer system and proprietary information,” he explained.
Cybersecurity threats are outpacing the technology that protects sensitive data. “The resources of the bad guys is much greater than what is being spent to defeat the bad guys,” said Toren. “Many companies (not all) would rather not spend as much money as required on computer security because computer security is not a profit center and companies would rather hope that they don't become the victim of a computer hack.”
On the other hand, the reason for the bad guys is to hack into companies and steal information for financial gain. Computer systems and the Internet were originally designed to be open systems and it is difficult to make secure a system that was not originally designed to be secure.
These emerging threats are popping up so fast lately because of the value of the financial value of the information that is at-risk, according to Toren. For many companies the value of their intangible assets exceeds the value of their tangible assets. Unlike a tangible asset, such as a factory that cannot be stolen, intangible assets, such as a trade secret, are at risk from theft.
He said, “We have been living in an information age for some time and the value of information, whether it be credit card numbers or trade secrets, is only increasing.”
According to Toren, to combat these threats, companies should devote resources towards protecting valuable information from external and internal threats.
“This is not a one-time expenditure,” he said. “But companies should act on an ongoing basis and consistently update their defenses/systems as new and different threats materialize.”