In 2014 alone, the headlines arrived with unnerving regularity: Target CEO steps down after the cyber-theft of 40 million payment card numbers; a Russia crime ring has amassed 1.2 billion name and password combinations; a cyber-attack on JPMorgan Chase could compromise the accounts of 76 million households and seven million small businesses. And that doesn’t even include the quieter drip-drip of Fortune 500 trade secrets falling into the hands of Chinese cyber-spies.
With cyber-attacks weighing heavily on the mind of business leaders, I asked three leading corporate combatants who work on the front lines to offer advice to executives at this year’s Fortune Most Powerful Women Summit in Laguna Niguel.
Here are three rules you need to know, offered up by General Electric chief information officer Jamie Miller, Lockheed Martin executive vice president Sondra Barbour and FedEx FDX chief information security officer Denise Wood:
Worry about your suppliers.
With Fortune 500 companies heavily fortified, hackers are looking for new entry points. That means suppliers who have access to your data. Small companies are easy entry points because they don’t have the resources to keep up with sophisticated security demands. Yet they sometimes have access to their big partners’ important information, including everything from engineering plans to emails and passwords.
While some suppliers are obvious targets, “it could be someone you have far down the supply stream—like Fazio Brothers’ air conditioning repair,” warns FedEx’s Wood.
To combat the problem, GE has installed a single point of entry for suppliers to better monitor who comes in and out. “We’re very mindful of our perimeter,” says Miller. Lockheed’s Barbour encourages executives from corporate headquarters to “go out there and see which suppliers have [access to] the most critical data. We help shore them up.”
Protect your “crown jewels.”
Your company is probably going to get hacked. The velocity and complexity of hacking attempts has skyrocketed, with companies routinely facing millions of knocks on the vault door. “Invest in your security operations,” says Miller. “But then you need to take a step back and decide what’s the most important information you need to protect—and how are you going to protect that– assuming someone is already inside? What are your crown jewels—whether it’s intellectual property or financial assets or personal data?”
Drop the competitive guard and schmooze.
The guardians of your company’s cyber security should be encouraged to network within the industry to swap information on the latest hacker tricks and most effective defenses. “There’s a huge black market” of hackers, notes FedEx’s Wood. “The bad guys collaborate so well” – so should their victims.