Deter Cyber Theft Act Underscores Need for Network Security Vigilance

The Deter Cyber Theft Act, introduced to the U.S. Senate last month, underscores the importance of tight network security and a unified approach to threat management. The legislation, sponsored by Senators Carl Levin, D-MI, John McCain, R-AZ, Jay Rockefeller, D-WV and Tom Coburn, R-OK, outlines provisions to deter theft of intellectual property from U.S. businesses. This is the latest Congressional effort to enact cyber security legislation (highlights of the bill are outlined later in this post), but of course, the best strategy is a network security solution that protects proprietary information and prevents data from getting into the wrong hands in the first place. In fact, we recommend that network security measures be updated regularly, at least every 12 months, and replaced every three years. (Contrary to the beliefs of some, firewalls are still must-haves as part of a greater unified threat management strategy.)

While large organizations face more risk from web malware threats, up to 2.5 times more by some estimates, small businesses and manufacturers are increasingly intermediary targets for gaining access to intellectual property and sensitive data via the supply chain. And compromised legitimate websites, often visited for business purposes, are now responsible for spreading more malware (through “malvertisements”: third-party ads with hidden attack code) than sites historically thought to pose more danger. If you’re concerned with network security, the Fortinet Security Report highlights six emerging threats for 2013 that should factor into your network security strategy.

  • Cybercriminals are taking advantage of the vast and expanding threat landscape. As more employees use multiple devices, services and applications when accessing business networks, exposure, risks and vulnerabilities are escalating. Fortinet predicts that advanced persistent threats will target individuals through mobile platforms, specifically aimed at CEOs and other high-profile figures.
  • Malware developers know that securing mobile devices is more complicated than securing traditional PCs, so mobile malware growth is expected to climb even more.
  • Exploits will target machine-to-machine communications. Although this technology has the ability to remove human error in many situations, companies are still challenged with securing it. As a result, M2M hacking will emerge as a critical issue.
  • Attackers will use innovative exploit code to circumvent “sandboxing,” a security technology practice that runs network programs and applications separately so malicious code cannot transfer from one process to another.
  • Cross-platform botnets will increase with the emergence of new forms of Denial of Service (DoS) attacks that will use both PC and mobile devices simultaneously.
  • Increasingly sophisticated password cracking tools will more easily crack single-password sign-in, necessitating moves to multi-factor authentication solutions for more businesses.

As for the Deter Cyber Theft Act, S. 884, if enacted, it would require the Director of National Intelligence (DNI) to compile an annual report on foreign economic and industrial espionage, listing:

  • Foreign countries that engage in economic or industrial espionage in cyberspace against U.S. firms or individuals, with a priority watch list of the worst offenders
  • Targeted U.S. technologies or proprietary information and, to the extent possible, information that has been stolen
  • Products that have been produced using such stolen information
  • Foreign companies, including state-owned firms, benefiting from such theft
  • Details of espionage activities of foreign countries
  • Actions taken by the DNI and other federal agencies to combat industrial or economic espionage in cyberspace

The legislation would also require the President to block imports of products containing stolen U.S. technology, products made by state-owned enterprises of nations on the priority watch list that are similar to items identified as stolen or targeted U.S. technology, and products made by companies identified as having benefited from the theft of U.S. technology or proprietary information. We’ll follow the progress as the bill moves through the Senate to keep you apprised of the outcome.

Meanwhile, as security threats increase and businesses and organizations move to cloud-based services and mobile connectivity, a unified threat management strategy with an integrated, layered approach to network security is critical. At Windstream, we go to extraordinary lengths to offer customized security solutions that keep networks and data secure. Windstream solutions include Managed Network Security with cloud-based and customer premise equipment options that unify stand-alone network security; Multi-Factor Authentication for Managed Firewall; Managed Intrusion Detection Services that provide an advanced layer of security; and SSAE 16, SOC 1 Type II-compliant data centers offering colocation, dedicated server, managed services, cloud computing and disaster recovery services with the highest level of security.

If it has been a while since you’ve made network security updates or implemented your current solution, talk to a Windstream advisor about customized options. In today’s world, a unified threat management strategy is essential to the viability of your business.