Addressing Cyber Security in U.S. Business

All businesses face a wide range of threats, from economic to competitive to disruptive. Increasingly, businesses are focusing on cyber security threats and the question they all face: What can we do to protect ourselves? It could be worthwhile for businesses to look into pentesting, which can help identify weak spots in their security posture; once these issues are brought up, businesses can find ways of improving their overall security. This is just one example of a way to limit these threats. It is not just businesses in the US that need protecting; it is all businesses around the world. For example, if you run a business in the UK, finding the best IT support in Liverpool or the best IT support in Birmingham shouldn’t be hard. A quick Google search should give you the answer to help protect your business from future threats.

U.S. Defense Secretary Ashton Carter spoke recently at Stanford University, where he argued “to reconstruct the collaboration between the academic world, industry and government that existed in World War II and the Cold War but appears to have died out in recent years,” according to the Washington Post.

It’s a risk the U.S. government takes seriously. In the discussion, Sec. Carter linked the cyber security risks to business with an overall risk to the United States. The Stanford News reports that Carter “warned cybercriminals that Washington considers a cyberattack against the homeland or American businesses and citizens like any other threat to national security.”

Said Carter: “Adversaries should know that our preference for deterrence and our defensive posture don’t diminish our willingness to use cyber options if necessary. And when we do take action – defensive or otherwise, conventionally or in cyberspace – we operate under rules of engagement that comply with domestic and international law.”

What can U.S. businesses do to reduce their cyber security risks?

Debevoise & Plimpton’s Jeffrey Cunard, who leads the firm’s corporate intellectual property, information technology and e-commerce practices, and James Pastore, Counsel and a member of the firm’s Cybersecurity & Data Privacy practice and Intellectual Property Litigation Group, recently wrote a piece published in the Private Equity Growth Council titled “Cybersecurity: Reducing Threats to Private Equity Firms and Their Portfolio Companies.”

They wrote: “We call the basic cybersecurity starting point ‘KYA2’: ‘Know Your Assets’ and ‘Know Your Architecture.’ Identifying what you have (assets) and where you keep those assets (architecture) is fundamental when it comes to cybersecurity.” Many of these assets will be kept somewhere within their network mainframe. For this reason, many more businesses are investing in network performance monitoring solutions in order to keep their networks under constant observation; this makes it easier to spot performance errors, as well as security issues, before they considerably damage the network or breach private data points.

“Under the heading of ‘Know Your Assets,’ the task is to catalog what sort of data the firm collects from all its various constituents and counterparties, from limited partners (LPs) to employees to vendors to acquisition targets to portfolio companies.”

“Under the heading of ‘Know Your Architecture,’ the task is to document where exactly the firm stores this sensitive information (e.g., internally, off-site, with a third-party cloud provider, using an application services provider); what measures are taken to protect the data (e.g., encryption of particularly sensitive information); whether the network is ‘segmented’ so that an intruder who gets in the front door does not have the run of the whole house; whether especially sensitive data is segregated in a particular storage location as opposed to (for instance) being combined for convenience with other data on a computer server that has unused storage space; who has access to different types of data and by what means; and whether stale files are periodically purged.” For more information regarding this structure, and how to protect it effectively, you can read more on this website. Knowledge is the first step to combating and countering cyber crime.

In fact, the U.S. government is increasing its cyber security watch, along with its requirements on U.S. businesses to protect assets. On April 1, President Obama issued Executive Order (E.O.) 13694, “authorizing new blocking sanctions (asset freezes) against persons that engage in certain significant and malicious cyber-enabled activities that threaten the United States,” according to Debevoise.

Following this Executive Order, Debevoise wrote, “Until now, the U.S. government has focused principally on the need for banks and other financial services companies to have robust sanctions programs. This FAQ appears to be the first time that U.S. authorities have expressly voiced an expectation that technology companies should develop and implement sanctions-specific compliance regimes. It may be prudent for technology companies to review their sanctions-related risks and consider enhancing their compliance programs accordingly.”