It’s tempting to think of cybersecurity in the abstract, as something to address someday. If anything drives home the point that the time to act is now, it’s a piece just posted on Harvard Belfer Center by Melissa Hathaway. Hathaway outlines a series of recent events that offer ample proof of the critical nature of the threat. Here’s a rundown:
- Conficker worm. Earlier this year, this virus triggered the largest computer worm infection since 2003. Computers using Windows operating systems that haven’t kept up with security are particularly vulnerable. What’s most scary: One in five business computers lack the patch for this Windows bug, which was first detected in November 2008, says Hathaway.
- July 4th attacks. Last summer, both the United States and Korea feel victim to a distributed denial of service attack against thousands of computers and websites. Even now, no one knows who was behind the attacks — or, adds Hathaway, how many control hosts were driving the attacks against America’s infrastructure.
- Intellectual property theft. To date, over 150 firms have been targeted for their corporate intellectual property and other proprietary data, says Hathaway. “Our opponents are seeking weapons designs, next generation telecommunications designs, and even proposals that may be used in the next international bid strategy to understand price points and win theme/strategy,” writes Hathaway.
- Malware infections. According to Symantec, malware infections rose over 200 percent this past year in Europe, the Middle East, and Africa. That same period oversaw a 47 percent surge in botnet activity, says Hathaway. And be careful with your smartphone; it can be used to access backend systems.
- Payment credit card breach. In January 2009, Heartland Payment Systems disclosed that intruders hacked into computers it uses to process 100 million payment card transactions a month for 175,000 merchants, says Hathaway. “When,” she asks, “was the last time you looked at your credit card bill and noticed an extra penny to a transaction?” Probably not often.
- Zero-day vulnerability exploitation. Recently, an attack on a UK-based web hosting provider destroyed data on about 100,000 websites, says Hathaway. “The attackers appear to have exploited a zero-day vulnerability in a virtualization application called HyberVM.”