The typical shopper closely safeguards the credit or debit card he or she is carrying, hoping to prevent theft by a pickpocket who would then use the card for an unauthorized and very expensive spending spree. People would like to assume that wherever they shop – online, at a local store, or at a shopping mall – merchants have the proper mechanisms in place to ensure credit and debit card information is protected from the prying eyes of thieves. The truth is that the use of a credit or debit card might as well come with a warning: “Shop at Your Own Risk.” While you would be reluctant to turn over your financial and personal data to those who use social engineering ploys or street-tough tactics, never assume that the companies you patronize are interested in protecting your privacy.
Sadly, it has taken massive and highly publicized data breaches, such as those that hit Target and Neiman Marcus, to jolt executives to the realization that implementing cyber security measures isn't something that can be delayed or done at their leisure. Companies too often procrastinate on important security issues such as firewall vulnerabilities, critical software fixes, and phishing attacks on their networks and are lax in enforcing policies pertaining to securing customer data. Many IT departments tend to be overwhelmed and understaffed, concentrating on performing technical tasks while knowing little about securing the infrastructure that holds vital consumer data. In fact, many organizations have no dedicated cyber security watchdog, even though preserving data integrity can make a difference in profit and loss.
The goal of cyber security training company Mile2 is to change the way corporations think about cyber intrusions and breaches.
Changing the Mindset
Based in Tampa, FL, Mile2 is a developer and provider of proprietary vendor-neutral professional certifications for the cyber security industry. CEO Ray Friedman, an expert in IT security, envisioned Mile2 as becoming a leader in professional, vendor-neutral, cyber security certification and accreditation. The purpose of Mile2 is to help organizations realize that IT security is more than a practice that is merely a "nice to have"; it's an essential that requires immediate attention. Through penetration testing and ethical black and white hat hacking, Mile2 teaches corporate IT specialists the methods hackers use to invade networks and databases.
Once IT personnel know how hackers and breaches can lead to corporate data theft, they can better understand the methods they need to implement to prevent network infiltrations. "Our role is to educate information system managers and IT engineers on what IT security is and why it's important," Friedman said. "We have found that 97 percent of security issues have occurred when something simple was overlooked. Are IT managers looking at their network logs? Are they patching vulnerabilities within a reasonable amount of time? Are password policies being enforced? IT personnel tend to think of security as being cumbersome."
Friedman has discovered that policy changes within the corporate hierarchy are essential to preserving a company's data and network integrity. He emphasizes that establishing cyber security policies and policy enforcement starts at the top -- at the executive level -- and then filters down to employees at all levels. "Security deserves top tier priority," he said.
He points to the breaches widely covered in the media in recent months. "What do these breaches say to customers? They show that companies do not consider customers' financial data important enough to be secured; that companies failed to implement proper security controls. Nor did company leaders take the necessary steps to secure customer information in the first place. So, where does this leave a company where data has been breached? It ends like this - customers leave and shop elsewhere. The end result is that the customer will transact business with a competitor; one merchant's loss is another merchant's gain."
Prevention Is Key
Clients have taken the knowledge acquired in Mile2's certification and accreditation classes and returned to their jobs only to discover eye-opening events they had overlooked for months. "Our clients have found that their networks had been probed by attackers multiple times, but were long unaware of these instances because they never looked at their logs. Or the attacks had been so covert they had simply gone unnoticed," Friedman said. "Once they have been educated, our clients see the clues that they have long overlooked. We had a large financial services institution that, after learning penetration testing from Mile2, was able to pinpoint that attacks were hitting its networks overnight and then disappearing during the day during business hours. After the training, the IT manager was able to utilize the knowledge that he gained to go back and apply it to the networks he was overseeing; that's when he realized his company had been under attack."
Mile2 teaches fundamental and advanced principles of cyber security and follows a course/certification track that leads to advanced hands-on skills training for penetration testing, disaster recovery, incident handling, and network forensics. Courses are available in four career areas: fundamental, foundational, specialized, and advanced. Many classes Mile2 offers are accredited through the National Security Agency (NSA).