Allan Cytryn, an international cybersecurity expert who has worked for several large enterprises as an IT senior executive to protect their digital systems from attack and repair those that have been attacked, gave an often entertaining if alarming talk at the Providence Committee on Foreign Relations on Jan. 12.
He talked about about the threats that companies face, how governments have responded to attacks and the best possible solutions to combat cyber-warfare and corporate espionage, both from U.S. companies and from foreign-state-backed thievery and attacks, most prominently from China and Russia.
Mr. Cytryn started off by by talking about the goals and limits of cyber-defense in a world where major companies get attacked thousands of times a day. He explained that the goals of cyber-defense changed in response to this growing threat.
There’s been a move from trying to prevent breaches altogether to focusing on keeping companies’ critical systems running normally in the face of attacks so that they can continue to meet their customers’ needs.
His biggest point/advice of the evening was that 95 percent of breaches result from human error, such as someone clicking on an attachment sent by the hacker posing as a member of the board. Taking simple, routine precautions can prevent many corporate cyber-disasters. But as the case of American Superconductor shows, the breach can also be perpetrated by someone bribed by a rival to steal information – a very difficult crime to prevent.
Mr. Cytryn said that while the U.S and the E.U. had agreed to increase Internet security for their enterprises and government Web sites, cyber-relations have become more strained because of revelations by former NSA employee Edward Snowden that the United States had been using U.S. phone and Internet companies’ networks to spy on European leaders, including British Prime Minister David Cameron and German Chancellor Angela Merkel.
Thus much cooperation between Europe and the U.S has stalled in cyber matters, with many agreements expiring because of \this Snowden-caused distrust.
Whether the freeze on security agreements is long term or not, the financial and security ramifications will be significant.