Q&A: Understanding Cybercrime and Ways to Reduce Risk

Kevin L. Jackson, a U.S. Navy veteran and senior computer industry business executive, is CEO and founder of GovCloud Network, helping agencies and businesses leverage the parallel and global nature of cloud computing.

When it comes to protecting identities and financial information, avoiding online fraud or theft, and managing both personal and corporate risk in today’s online world, understanding the ins and outs of cyber security is more important than ever.

In November of last year, DPR and a handful of partners hosted the second bi-annual Data Center Technical Summit focused on “Managing Your IT Risk: Data Center Innovation in a Rapidly Evolving Industry.” The invitation-only, educational event, geared toward data center end users, featured interactive presentations on topics, such as physical security of data centers, how cooling design decisions impact risk, and recommended practices for selecting security and monitoring systems. In addition, Kevin L. Jackson, CEO and founder of GovCloud Network, offered a keynote presentation titled “Cyber Security: Avoiding Disasters in Highly-Networked Data Centers.” Following the event, DPR asked Jackson for some additional tips and insight on how to guard against cybercrime. A 15-year U.S. Navy veteran and senior business executive in the computer industry, Jackson formed the consultancy GovCloud Network to help agencies and businesses leverage the parallel and global nature of cloud computing.

What are the top three things a person should do to assure his or her own personal data security today?
First, it goes without saying you should use personal anti-virus and firewall security on all of your PDA devices, from your phone to your tablet, laptop and everything in between. Passwords should always include eight characters mixing upper and lower case letters with numbers and symbols. And finally, never click on links embedded in emails regarding financial transactions from banks, merchants or other sensitive parties. To avoid these phishing scams, always go to the respective party’s site by directly entering the URL in the browser.

For more advice on ways to avoid cybercrime, I recommend “7 Ways to Protect Your Small Business from Fraud and Cybercrime.”

Where can enterprises go for help? And is the U.S. government involved in this?
When it comes to help with cybercrime, businesses should consider hiring a Chief Information Security Officer (CISO) to ensure that information and assets are adequately protected. It is also important that they train their own IT staff in cyber security and that their training stays up-to-date in this constantly evolving sector.

There are also plenty of outside resources to tap into, including the recommendations by the Cloud Security Alliance. You can subscribe and actively use the National Cyber Awareness System or engage with and leverage programs from the National Cybersecurity Institute at Excelsior College.

The government is very active in this area and has several resources of its own that are worth reviewing, including the National Institute of Standards and Technology Cybersecurity Framework, the Federal Risk Assessment and Monitoring Program, and the Department of Homeland Security (DHS) Cybersecurity.

How is the government protecting itself against cybercrimes?
Several arms of the federal government are actively working to guard against cybercrime in myriad ways. For example, the DHS collaborates with financial and other critical infrastructure sectors to improve network security. DHS components, such as the U.S. Secret Service and Immigration and Customs Enforcement, have divisions dedicated to combatting cybercrime. For more on these efforts, see the DHS or FBI websites.

What are the biggest barriers related to the adoption of cloud computing on the enterprise level?
The single biggest barrier is the lack of education about cloud computing in general, and specifically the advancements that have been made in security in recent years.

The changes necessary in traditional business cultures also pose significant hurdles. I talk about some of these in my recent blog post, “Schizophrenic About Cloud?”

What are the most common types of security breaches for financial, retail and government organizations?
There are a wide variety of breaches that are happening. But nine of the top 10 intrusions involve one of more of the following patterns:

  • POS intrusions;
  • Web application attacks;
  • Intruder misuse;
  • Physical theft and loss due to web activity;
  • Miscellaneous errors;
  • Crimeware;
  • Card skimmers;
  • DoS attacks; and
  • Cyber-espionage.

For industry specifics, go to the Verizon 2015 Data Breach Investigations Report for details and industry specifics.