weather icon Clear

Expert: You’ve been hacked and you probably don’t even know it

There is no such thing as a computer network that has not been hacked or compromised, a leading expert said on Nevada Newsmakers.

“The experts today say there are only two types of computer networks,” said Ira Victor, digital forensic analyst for DiscoveryTechnician.com. “Those are networks that have been compromised and the owners of those networks know where they have been compromised, how far and what data; and networks that have been compromised and the owners don’t know where the compromises are and how far they have gone in and what data.

“We are at that point and with the experts, that is pretty much the consensus on that opinion,” Victor said Monday. “All networks are compromised and it’s just how much you know about it and how much you don’t.”

Businesses and other entities with computer networks may not be aware of the hack but can still be compromised, Victor added.

“They do other types of techniques that are exploiting the networks but they keep a low profile so that the people that are running the business or working the business have no idea,” he said.

Firewalls and other computer security services are not security blankets for computer systems, Victor said.

“So anti-virus (programs) and firewalls, you want to have them but they only offer very minimal protection,” he said. “They do not keep the bad guys out of your network.”

Victor, who has testified about cybersecurity at the Nevada Legislature, said the state of Nevada (and many businesses) can’t afford to secure every bit of information in their systems. So those entities should concentrate on what is the most important data that needs protection.

“The first thing I would suggest for the state (of Nevada) is that the state needs to have an inventory of what information they have and rank it in terms of the most valuable information and start concentrating their resources on protecting the most valuable information,” Victor said. “Guess what? That is a recommendation I have for all businesses and all organizations.

“If the bad guys are in your network — and they are — and if they are there persistently — and many times they are — then it is often not cost-effective to protect everything, every little shred of information and every single communication in your network. So we need to rank them and say, ‘What is our most valuable asset? What are our crown jewels? And then, concentrate our resources on protecting our most valuable assets.”

Business and government don’t earmark a lot of money toward cybersecurity, Victor said.

“We’re not going to get a lot of money for information security,” he said. “Let’s just be realistic about this. It is the same as in business. So you’ve got to concentrate your energy on the crown jewels — the most valuable information — and acknowledge that is what you are going to do.”

Security, risks

“Information Technology,” or IT, is not the same as information security, Victor said.

Culturally, the people in IT are taught to deliver services on time and on budget.

“The cyber criminals are breaking into networks with such frequency and such ease that they don’t always exploit that network right away,” Victor said. “So if we have less than $10,000 to spend, we figure out a way … so we’ve got to ‘stand up’ those systems, as we like to say, and deploy them and do the best we can with the $10,000 we have over the next three years. That is the culture of IT.

“In information security, we look at risk, our culture is about risk,” he said. “What is the data we have? What are the risks? How do we mitigate those risks?

“And then we go to our decision-makers and say, ‘Here are the risks. Here are the liabilities. If you want (to) protect that data, here are the steps that need to be taken.’”

When government agencies or businesses try to protect all their cyber information, that is a good thing for the “bad guys,” Victor said.

“There is a laundry list of valuable information that organizations have,” Victor said. “And they are not doing enough to protect it. Now some of it has to do with economics. It’s expensive. That is why we’ve got to concentrate our efforts and say, ‘Hey, these are our most valuable information assets and we’re going to protect them and really do a strong effort to do so. And we are not going to stop the cyber criminals until we do that. I mean, bad guys are having a field day because we’re saying, ‘Well, all of our information is valuable, and then none of it gets well protected, or not enough of it gets well protected.”

Ray Hagar is a journalist for the “Nevada Newsmakers.” More information on the public affairs broadcast program, podcast and website is available nevadanewsmakers.com

Don't miss the big stories. Like us on Facebook.
Miller joins Nevada National Security Site

The Nevada National Security Site announced this week that Neile Miller joined the organization as the chief strategist.

Pahrump nonprofit gets upgraded through grant from Home Depot

A nonprofit organization in Pahrump is planning the next stages of its growth after a grant helped with upgrading its existing space on the north end of town.

Free medical help returning to Pahrump

Remote Area Medical is an international nonprofit organization dedicated to bringing free medical services to underserved and uninsured individuals with mobile clinics held all over the globe each year.

Valley reverses move to push for creating tiered system for its net metering program

Valley Electric Association Inc.’s board reversed its position on plans to potentially institute a tiered system for co-op customers that have or plan to install rooftop solar or other renewable energy power-generation systems and utilize Valley’s net metering program.

IRS automatically waives a tax penalty

The Internal Revenue Service is automatically waiving the estimated tax penalty for the more than 400,000 eligible taxpayers who already filed their 2018 federal income tax returns but did not claim the waiver.

Workforce development training gets boost in Nevada

More than $2.4 million in state-funded equipment for workforce development programs at Nevada colleges was authorized earlier this month to remain with the schools to continue the various specialized training to support the employment needs of the state’s industries.

Community investment tour makes a stop in Pahrump

A presentation was made by the Workforce Connections (WC), Southern Nevada’s local workforce development board, and others, at the NyE Communities Coalition building to highlight millions in federal funding being put into Nye County and other parts of Southern Nevada employment and training programs.