Even people with hardly any knowledge about new technologies know that fears of cyber attacks are injecting a lot of sensitivity into this year’s election season. There are all kinds of concerns – about polling data, ballot box security, and more, but one of the biggest examples of a real threat is the infiltration of the Democratic National Committee by Russian hackers.
The drama started last fall, when FBI agents started contacting the DNC about its network security. The DNC received some warnings, DNC spokespersons say, but not a lot of concrete details. According to an August 3 Reuters piece that widely quotes DNC staffers, the FBI did not even mention the Russian connection until months later.
Emails leaked in the hack caused a large degree of unrest in the Democratic Party, revealing elements of favoritism toward Hillary Clinton and showcasing other unpleasant aspects of private communications within the DNC. Jobs were lost, and confidence was undermined.
Through all of this, the timeline, and what guidance was given, is a bit in question: in the above Reuters coverage, DNC officials are claiming they asked the FBI for help, but were turned away. At the same time, U.S. officials told CNN in late July that the FBI informed the DNC months before any action was taken.
Why is this important? It’s very important for the future of our electoral systems, but it’s also a cautionary tale for businesses that are every bit as vulnerable to security intrusions as an office like the DNC – if not more so.
When Agencies Step In – and Why Companies Should Act Pre-emptively
Many business leaders have only a vague understanding of how security threats are typically discovered and disclosed, and how the FBI works with companies. However, these protocols can have huge effects on an enterprise that’s under fire and dealing with cyber attacks.
Ideally, the company finds the evidence of a cyber attack on its own, and national security agencies never get involved. When that doesn’t happen, a company’s first warning may be a call from the FBI.
So what happens when a government agency has to step in? This August article by Kroll’s Tim Ryan suggests that if a cybercrime case is only criminal, and doesn’t affect national security, a government agency may be willing to offer all kinds of details, but if there is any link to national security, however small, you may find that the details are classified.
Another big issue is that after an outside investigation is started, it can be hard to get it closed.
All of this is an excellent argument for investing in more comprehensive cyber-security. Again, it’s imperative that businesses control their own vulnerable data – so that outsiders don’t have to get involved. Most law enforcement agencies will only get involved after a problem has become big enough to hit their radar, and by that time, it’s usually too late.
Experts talk about something called “dwell time” – the amount of time a threat bounces around in a system, potentially causing havoc. The less dwell time, the quicker the response, the less chance of big financial losses, and losses to a company’s reputation.
Getting Proactive Security
The realities around cooperative cybercrime investigations are just one of many reasons why companies are choosing to pursue new paths around network security, moving toward pre-emptive solutions that will turn on the warning sirens long before an FBI agent picks up the phone.
Safe-T Box offers companies a suite of tools that will help provide robust network protection, not just at the perimeter, but inside of a network, with a window into daily activities to catch any anomalies that can be signs of a pending or occurring attack. With secure transfer solutions and a secure front end solution, Safe-T Box and RSAccess, Safe-T helps companies monitor their own networks. In a cloud-based age, cloud broker and file sharing tools, along with data scanning, data encryption and audit functionalities, make a company’s internal security hardy enough to keep up with the wide range of malware, virus, phishing and hacking efforts that circle ominously around a business system.
Ask Safe-T about creating a plan to really guard IT systems, so that you get the warnings from security teams first-hand, and not from a government office.