Cybersecurity in Hindsight: When Will We Learn?

They say “hindsight is 20/20,” but that only matters if we take the time to look clearly back on what’s happened and learn from what we see.

October was National Cybersecurity Awareness Month in the U.S., and while the Department of Homeland Security was distributing good advice all month to anyone who would listen, October still saw some 55 million data records leaked in cybersecurity attacks. But we’ve almost become immune to these numbers.

And November was more of the same, including the recent revelation of the Uber breach that took place more than a year ago and affected more than 2.7 million users in the U.K.

Richard Smith, former Equifax CEO, and Marissa Mayer, ex-head of Yahoo, recently participated in a U.S. Senate committee hearing concerning the massive data breaches that hit their respective companies. Both apologized and said steps had been taken to fix the security shortcomings. The Senators and executives then took part in a discussion around ways in which companies and governments could work together to prevent more big breaches, but very few concrete steps have been reported as a result.

Video: Mary Clark discusses how emerging environments such as the internet of things increasingly require private, isolated networks for companies to ensure control and security.

And while only time will tell whether Congress intends to get more aggressive about holding companies accountable for their security breaches, I remain much more interested in the prevention of the disruptions in the first place, rather than the punishment of the crime – although lax attitudes certainly cannot be tolerated.

As I’ve written previously, preventing the systemic risk posed by the public internet begins with isolating and protecting business-critical data and personal information from potential attack. The public internet presents far too wide an attack surface and is almost impossible to protect adequately, as illustrated by the mounting number of monthly attacks.

We need an alternative.

Businesses, governments, banks and infrastructure companies alike need an alternative that is free from the exposure presented by the public internet, and where every user or every device that connects to it is properly authenticated. They need a network where permission levels are clear and where that authentication is subject to constant attestation.

This is not a network where a person or device gets authorized once and can act forever. It is a network where credentials are checked and checked again. And it is a network that needs to be a place to interact and trade safely – not an environment that has a year-round open season for attack.

So, as we look back at a National Cybersecurity Month that included more than 55 million data records leaked, what we see should be clear: The criminals and fraudsters are wreaking havoc on data traversing the public internet.

And for the most sensitive, business-critical information, hindsight isn’t good enough. Prevention is the only way forward, with a different methodology for connectivity that comes in the form of a private, isolated network independent of the public internet.

Mary Clark is a former Chief Corporate Relations Officer and Chief of Staff at Syniverse.


