Regulatory Reform

Building a Better (Cyber) Wall

Perhaps Donald Trump is right. America needs to build a wall for better protection.

The right type of wall, though, may not be physical. The wall needed is a “cyber” wall. What good is a cyber wall? A well-constructed cyber wall will be effective in minimizing the damage hackers can cause to businesses, state and local governments and the average taxpayer.

The hacking problem has two sides.  On the one hand, bad actors exist. There are people who want to steal your email addresses, your credit card information and your social security numbers. Some of their methods for improperly accessing networks where your information is stored are known. Some of their methods are unknown.

Companies must prepare for the known hacking methods, while trying to anticipate what methods hackers will use next. And simply because a method may be known does not mean a company can detect it.

Take for example the recent case of Scottrade. Hackers were able to infiltrate Scottrade’s databases and access contact information. Scottrade had no idea about the hackers’ efforts until federal investigators near-literally “knocked on” Scottrade’s door.

Similarly, just because a hacking method may be known does not mean a company has a fool-proof method for preventing an attack. In another recently released incident, Trump Hotels announced a security breach targeting customers credit cards through malware installed on some of the hotels front desk computers and other point-of-sale computers.

On the other hand, some companies or government entities, such as the Office of Personnel Management, may have substandard security measures in place. The extent of the OPM breach and the type of information hackers acquired should serve as a sufficient example as to why companies and governments should implement at least reasonable cybersecurity measures.

The problem of cybersecurity is likely to grow as more technology companies emerge, more consumers place their confidential information online and more state and local governments—including school districts—collect and analyze data. This means the types of data collected, along with the number of entities collecting data, grows on a near-daily basis. As the number of entities collecting data increases, so also the potential targets for hackers increase.

The increase in potential targets for raises the costs associated with effective cyber security. In a recent study, the Ponemon Institute estimates the average, annualized cost of cybercrimes in the United States is $15 million. This $15 million represents a 19 percent increase from last year.

Keeping data secure from hackers has caused an explosion in the demand for cybersecurity professionals. Companies are hiring “internal [cyber]security experts” and purchasing more intelligent cybersecurity systems. Government and private entities, such as non-profit associations, are promulgating standards to better define reasonable cybersecurity measures. In fact, ALEC has a Statement of Principles relating to cybersecurity, which should help states and security professionals develop and implement balanced cybersecurity measures. These Principles promote a proper balance between government actions, risk management, the global nature of cyberspace and all the other moving parts related to technology.

If one of the most trusted, luxury hotel brands in the country can fall prey to hackers’ schemes, so can any other company or government entity. The hacks perpetrated against the Trump Hotels, Scottrade and the Office of Personnel Management should serve as a reminder to every small business and every data center to better safeguard the data entrusted to them.

In Depth: Regulatory Reform

In his first inaugural address, Thomas Jefferson said that “the sum of good government” was one “which shall restrain men from injuring one another” and “shall leave them otherwise free to regulate their own pursuits of industry.” Sadly, governments – both federal and state – have ignored this axiom and…

+ Regulatory Reform In Depth