There is a silver lining to the rash of revelations about cyberintruders cracking into the networks of marquee U.S. corporations.
Microsoft [recently] admitted to a major network breach, following in the footsteps of Apple, Facebook, Twitter, The New York Times, The Wall Street Journal and the Federal Reserve, all of which have made similar disclosures in February.
However, the mea culpas also show that with persistent network breaches continuing to escalate, some large organizations have begun proactively gathering intelligence about what the bad guys are up to. They are doing this by stepping up the use of cutting-edge tech security systems.
And by moving to advance public knowledge about the stealthy tactics of cyberintruders, companies under attack could be taking a crucial step toward gaining an advantage on the attackers, say security analysts and law enforcement officials.
"The one thing these disclosures have done is provide significant visibility into the latest attacks," says Lawrence Pingree, cybersecurity industry analyst at market researcher Gartner . "Without that, you're blind."
Data thieves, cyberspies and hacktivists, to be sure, continue to probe company networks as intensively as ever. An estimated 60% of companies globally reported a network security breach in the past year, including 34% that identified more than one penetration, according to a survey of 4,447 tech professionals in nine nations, conducted by Ponemon Institute and sponsored by Juniper Networks.
Those survey results were released Monday at the RSA cybersecurity conference in San Francisco, where much of the buzz this week has been about the value of openness.
"Just a short time ago, companies and third-party service providers were extremely reluctant to share any information for fear of airing dirty laundry or revealing any potential weaknesses," says Kelly Bissell, a Deloitte security and privacy principal. "Now there is a grass-roots, band-of-brothers kind of approach with the good guys."
Underscoring the openness theme, former White House cybersecurity adviser Howard Schmidt on Monday was named executive director of the non-profit Software Assurance Forum for Excellence in Code. Schmidt's mission: to assemble leaders from tech, military, law enforcement and industry to collaborate on increasing the trust in tech products and services.
Meanwhile, Hewlett-Packard on Tuesday announced the formation of HP Security Research, a new division created to provide "actionable security intelligence" via published reports and threat briefings.
Those moves follow President Obama's recent executive order directing the federal government and private companies to work more closely to protect the nation's critical infrastructure against cyberattacks. (continued...)
© 2013 USA TODAY under contract with MarketWatch. All rights reserved.