LL: What are the highlights from your 2012 predictions?
EF: We are going to continue to see a very sustained effort by state-sponsored hackers to steal U.S. intellectual property. The threat by dangerous insiders for destruction or theft of data will continue to be a problem. 2011 was marked by a steep rise in hacktivism, which is hacking by political groups trying to embarrass companies for political or social purposes, and, even from the early signs of 2012, there will be no abatement in that area. As a result of this, what I see is corporations beginning to do what they should be doing, and that's strengthening their governance and preparedness.
LL: How would you grade the security of U.S. businesses?
EF: Some firms have established a culture of security and preparedness and some businesses have not. I would say we have encountered many top companies often in the media where the intellectual property is all digital.
They have recognized early on that they need to have strong security departments because all of their critical assets are digital. You see a high level of sophistication from companies like this and C-Suites being focused on computer security, and obviously defense contractors are attuned to this as well. Those who do a bad job: a variety of large law firms.
Security starts with leadership. It doesn't start with firewalls and technology. Those are just tactics. Sometimes within days, weeks or months after an attack, the attacker will always come back.
LL: Just how sophisticated are these threats?
EF: They are incredibly sophisticated. Other countries are using their best computing minds dedicated in a programmatic way to steal U.S. secrets. Better to receive than to give. It's cheaper to steal than develop it. These advanced persistent threats are not fiction, they are real.
LL: The latest intellectual property theft involved a printer. What is the most vulnerable piece of equipment in a business?
EF: What we find is that the attackers are so sophisticated that they look for any vulnerability. In many of the hacktivist attacks, the companies were doing 99.9 percent of their computer security correctly, but the adversary has the time and the skills to find that one percent. These hackers can find a flaw in an Adobe Flash program, the company's website, a printer. Attack vectors often vary, so the solutions are not to think you can keep everyone out of your perimeter, but you should have the technology and procedures in place to properly identify the attack so you can properly manage your response.
A Senior Talent Producer at CNBC, and author of "Thriving in the New Economy:Lessons from Today's Top Business Minds."