The more hops that data travels, the greater the risk of it being intercepted, say most security experts. And you may be surprised how many hops data travels. You can use a Unix utility called TraceRoute to track the route taken by packets across an IP network. In one quick test, going from one computer to CNN.com took 12 hops -- each a potential entry point to cyberthieves.
According to Core Security's Kellerman, there are a huge number of hacking programs available for electronic espionage. "It is a regular arms bizarre. It's like the Dark Ages with mercenaries for hire," he says.
Both organized crime gangs and sovereign nations have made a business of stealing intellectual property, such as trade secrets, by conducting cyberespionage. Such espionage is worth hundreds of billions of dollars in business, and unsurprisingly major criminal syndicates from the Chinese Triad to the Russian mafia are heavily involved in hacking, says Kellerman. Even the Brazilian drug underworld is getting involved because, as it turns out, it is easier and safer to hack a system and sell the information than it is to grow, process, and distribute cocaine. And cyberespionage is more profitable as well.
The result, Kellerman says: "We are hemorrhaging data."
The answer -- in addition to rethinking what information you make available through unsecure devices and networks in the first place -- is to get real about which of your security systems are actually working as it should. It's not just about having a firewall or a virus scanner, he says, but vetting, assessing, assuring, and testing to demonstrate that they are functioning. "In other words, make sure that your dogs bark."