November 22, 2017 | by Steve Lawrence

Getting Real About Cyber Security

Is your system more secure than the National Security Agency’s?

If you or your business hasn’t been hacked in some way yet the chances of that happening are increasing dramatically every year. Hackers seem to be everywhere these days, stealing data, shutting down accounts for ransom, trying new cons to take money, using seemingly innocuous emails to infect systems with malware.

Think your systems are secure? So did the National Security Agency, which was broken into last year, along with a stunning number of companies big and small, plus individual users too numerous to count. But this is not inevitable, and you needn’t feel helpless amid this growing barrage of attacks, says cyber security expert Joseph Oleksak, partner in the IT consultancy Plante Moran.

The important thing to understand is that for your company, “information security is a business issue, not an IT issue,” Oleksak said. Meaning the company’s leadership, not just its IT techs, must understand the security systems in place, and their vulnerabilities. Then it is up to the leadership to establish a program for continually monitoring and upgrading them. “We find far too many executives who not only don’t know what security controls their company has, but also don’t even know who is in charge of that security,” Oleksak said. “Non-IT guys often think it’s too complicated and they have to leave it to their computer people.”

Don’t do that, he said. Businesses have collapsed under the weight of malware-infected, compromised information security. You need to be able to ask the ‘dumb’ questions of your cyber security staff to manage this threat well.

“The Internet was not designed with security in mind,” said Oleksak. “And it’s very hard to go back and design-in security.” Meanwhile, as we all know, the already vast Internet is growing exponentially. “Today there are 10 billion connected devices,” Oleksak said. “By 2020, the data from connected devices will have doubled.”

The biggest threats to your account security, he said, “are laziness and the desire for convenience. Hackers count on it. That you will, for instance, use the same simple password for all your devices and all your accounts and that you will never change them.”

An important tip: “It is not the complexity of a password but its length that makes it harder to hack,” Oleksak said.

The world of cyber attack is only becoming bigger and more sophisticated, he said. “It now takes longer than ever to even detect that a system has been penetrated,” he said. “We are seeing more email-infested malware, more ransomware, more attacks across all industries.”

Oleksak explained that an effective cyber security program must have five basic elements. First, you must identify what you have. Second you need to protect what you’ve identified. Third you must have systems that detect direct and indirect attacks as quickly as possible. Fourth, that system must also allow the best response possible. And finally, you must be able to recover from any attack.

“You do not have to be a security professional to think critically about this,” Oleksak said. But the best fix is also the most difficult, time-consuming solution: establishing a culture of control and responsibility.

Oleksak is one of several keynote speakers at MSCI's Tubular Products Division Conference Jan. 9–10. Learn more and register by clicking here.