Posts Tagged: "cyber attacks"

Chinese legislators have attempted to enact anti-terror legislation purportedly designed to protect Chinese citizens against terrorist threats. In late December, China passed a law requiring both telecommunications and Internet companies operating in the country to provide decryption, technical interfaces and other assistance to public and state security organizations to conduct investigations of potential terrorist activities. The tech sector has misgivings about Chinese regulations that would force the handing over of sensitive data. Imagine a leak of encryption keys leading Chinese hackers to degrade performance of a foreign tech provider, all in the name of promoting indigenous innovation. That’s a pretty extreme scenario, but one that’s not completely unimaginable considering recent cybersecurity headlines.

As card-present transactions become less susceptible to fraud because of the shift to EMV chip card technologies, it’s expected that more fraud will shift to online platforms where it’s still relatively easy to input fraudulent financial information without being noticed; some reports indicate that online retail fraud in the U.S. alone is expected to rise by 106 percent in three years after October’s EMV liability shift from banks to business owners. One way that businesses conducting sales online can get themselves ready to respond quickly to fraud is through effective planning prior to major sales events like Black Friday or, perhaps more important when thinking about e-commerce, Cyber Monday. If those workers handling fulfillment of online orders are more aware of expected sales projections, it will help them be more aware of clues that the business might be a target for fraud if actual sales figures differ wildly.

Law firms are coming under growing scrutiny for a lack of effort in addressing hacking concerns or even coming clean with the threats which they have faced. A cybersecurity report released in February of this year by Citigroup Inc. (NYSE:C) lambasted law firms for being at high risk for cyber intrusions while the industry standard for cybersecurity remains much lower than for other industries. Law firms who deal with incredibly valuable intellectual properties should be acutely aware of the risks that they face from hackers, especially those from overseas. Patented technologies have been the target of international hackers in recent months. Just this May, the U.S. Justice Department charged six Chinese nationals with stealing IP related to wireless technologies developed by a couple of American companies.

The titans of the 19th Century made fortunes because they controlled access to the raw materials and infrastructure of commerce: steel, oil, lumber, railroads, canals, shipping. In contrast, the Third Industrial Revolution creates value not just from ideas that improve our ability to transform materials, but from information itself. This shift to intangible assets has been profound, but so swift that few have paid sufficient attention to the magnitude of the change. In the Information Age, your secrets – a new technology, a business plan, insights extracted from data analytics – define your competitive advantage. And because business is global, competition can emerge anywhere, anytime.

At a minimum, two-factor authentication rather than a single password, should be used to protect most types of confidential data. With two-factor authentication, the user is required to use two of the following three forms of identification – something they know (password or PIN), something they possess (a token or USB stick) or a physical characteristic of the user (finger swipe) in order to gain access to the data. For more sensitive data, a multi-factor approach offers an even higher degree of security. In multi-factor authentication, a user must use three or more forms of identification. For example, in addition to a password and a token, users are required to answer one or more custom questions, known only to the user.