Recently, someone made a significant financial transaction over phone with one of the leading banks in America. Right after he hung up the phone, within 5 minutes, he got a phishing email that looked just like an email alert from his bank stating “We have detected an irregular activity on your account.” If he wasn’t careful as to what the embedded link on the “Get Started” button was, he would have compromised his PC, the corporate network and potentially the bank account information. He informed the bank, but, never heard back from them! Why commercial businesses ignore consumers’ cyber protection is a separate topic by itself.
In this case, the possibility of cyber security breach would have occurred in (1) the company’s or bank’s VoIP network, (2) ISP’s phone lines, (3) someone overhearing him or the customer support person of the bank, or (4) the bank’s customer support system or any number of IT systems involved in such a financial transaction. While investiating, they had ruled out the security compromises on their end; company’s VoIP network or someone at their office overhearing his conversation and acting upon it. That leaves the ISP’s phone network and the bank’s personnel, network, and their IT systems. We are in no position to evaluate those vulnerabilities as a consumer.
This event and the thousands of cyber security incidences that occur every day, should make you wonder if vast number of commercial networks across the internet backbone are compromised and if there are stealthy bots strategically situated across the digital world to skim sensitive information. Corporations hire top digital security personnel, but, that alone is not going to solve the problem. An unaware employee in a corporate network can compromise the entire network without his or her knowledge by simply clicking a link in an email or a supposedly trusted website among the myriad of social or news media sites and e-commerce websites.
Hackers on the big bad internet is like criminals roaming free, except, that when a physical crime is committed, it is more often visible than a crime committed in the cyber world. Of course, there are security software, but, the truth is that, the hackers are several steps ahead of those security software.
Cybercrime is highly profitable, scalable beyond anyone’s imagination, and often widely distributed across the globe, that is hard to track and eliminate.
So, how can businesses protect their computers and networks from hackers? How can businesses help their employees to help themselves from unknowingly making a mistake of inviting a hacker to their computer and compromise their network? The problem is exponentially difficult for SMBs as they don’t have nor can afford to dedicate cyber security resources like any large enterprise, despite the fact that most large enterprises are failing silently in their cyber protection efforts.
The simple answer to cyber security threat is to cut the internet cord which is not acceptable to the modern work force or closely manage access to the outside world away from the network where the corporate data reside. This require a change in perspective on how the infrastructure, from PCs to corporate servers, are deployed and managed. Businesses have to provide their employees access to the outside world while providing a “cyber clean room” for performing their daily corporate work.