Getting an Information Security Job For Dummies - Gregory Peter H.
Part I
So You Want to Be an InfoSec Professional
Chapter 1
Securing Your Future in Information Security
Why Does Information Security Matter?
Information security, or InfoSec, was once considered a technical discipline with little business relevance. Now, however, it is a topic of heated discussions in corporate boardrooms around the world. Information security matters because information technology matters – and because criminals are finding it easy to steal sensitive and private information from organizations’ information systems.
Increased reliance on information systems
Organizations of every kind, as well as a growing number of private citizens, rely on information systems for conducting daily affairs more than ever before. We buy more and more Internet-connected products, partly for convenience and partly for the cool factor. Before long, it will be easier to count the things that aren’t connected to the Internet.
You might have heard that data and information are the new currency. Although this statement might sound like a cliche, it’s true for several reasons:
✓ Organizations can use software tools to examine electronic business records and gain valuable insights that help them find new opportunities. For instance, a grocery store can add new items to its inventory based on sales trends.
✓ Organizations can use information systems to make business processes more efficient. For example, if an organization puts sales details in an information system, the customer service department could electronically access those records and be far more efficient.
✓ For banks and other financial institutions, data actually is money, or at least the closest representation of money. For instance, transferring funds or paying bills online is mostly about making a number bigger in one place and smaller in another.
This increased reliance on Internet-connected systems and devices makes our businesses more efficient and our lives easier, but there is a dark side: Criminals are also turning to Internet-connected systems to disrupt businesses and steal valuable information.
Growth in cybercrime
Organizations of every kind are increasing their reliance on information systems for storing and processing valuable information. Meanwhile, cybercriminal organizations have grown, organized, and made vast improvements in the skills and tools they use to find and steal this information.
“Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion,” according to Valerie McNiven, who advises the U.S. Treasury on cybercrime. “Cybercrime is moving at such a high speed that law enforcement cannot catch up with it.” Ms. McNiven made this claim in 2005; in the past ten years, cybercriminal organizations have made impressive gains in their capability to steal valuable data.
According to idtheftcenter.org, some of the largest security breaches in 2014 were as follows:
✓ Sony Pictures: 33 thousand documents and several unreleased films
✓ U.S. Weather System: breach to NOAA weather satellite network
✓ JP Morgan Chase: 76 million records
✓ Home Depot: 56 million records
✓ Community Health Systems/Tennova: 4.5 million records
✓ Michaels Stores: 2.6 million records
✓ Texas Health and Human Services: 2 million records
✓ Internal Revenue Service: 1.4 million records
✓ Staples: more than 1.1 million records
✓ Neiman Marcus: 1.1 million records
✓ State of Montana: more than 1 million records
✓ Viator: 880 thousand records
✓ Goodwill Industries: 868 thousand records
✓ Oregon Employment Department: 851 thousand records
✓ U.S. Postal Service: 800 thousand records
✓ Variable Annuity Life Insurance Company: 774 thousand records
✓ Spec: 550 thousand records
✓ Aaron Brothers: 400 thousand records
Although 2014 was not an encouraging year for information security, it was an encouraging one for businesses whose mission is the protection of critical information.
So many security breaches are occurring that several websites are devoted to listing them, including
Improved defenses
This scourge of break-ins and breaches does not mean that governments and industries are going to turn tail and stop their expansion of information systems. Instead, organizations of every size and type are hiring security professionals to improve security measures that protect their systems. Security professionals are doing the following to protect critical data:
✓ Hardening systems and applications to make them more difficult to attack
✓ Adding layers of defense
✓ Performing security scans to find vulnerabilities
✓ Conducting internal audits of security controls
✓ Training personnel to recognize intrusion attempts
✓ Improving security in partner and supplier organizations
✓ Updating business processes to include security procedures