“This cyber threat represents one of the most serious economic and national security challenges we face as a nation.”
Howard Schmidt made this statement in December of 2009, shortly after he was appointed to the newly created position of White House Cybersecurity Coordinator. He was speaking about the advanced persistent threat against our critical information infrastructure, including cyber threats against our electrical grid, global supply chain, and our military. In the time since Schmidt’s appointment the US Government has taken significant action to analyze our weaknesses on a national level, and has made important steps toward appropriate policies to shore up our homeland security.
Examples of strategic policy initiatives dealing with cybersecurity include:
- Cybersecurity is being incorporated into the Obama Administration’s agenda as a key management priority.
- A national public awareness and education campaign is underway to raise awareness and enhance cybersecurity education in our schools.
- A cybersecurity incident response plan is in final draft and will be exercised in September 2010.
- A draft cybersecurity-based identity management strategy and vision has been released for public comment.
- A privacy and civil liberties official has been designated to ensure that cybersecurity initiatives are undertaken with greater transparency and with careful attention to privacy and civil liberties.
Some tactical initiatives that are currently in progress:
- Federal civilian networks are being secured.
- The cybersecurity operations centers are being connected.
- A cyber counterintelligence plan is being implemented.
- The classified networks are being secured.
- Efforts are underway to better manage global supply chain risks.
In spite of the impressive progress by policy makers and US government agencies, cybersecurity in small and medium businesses (SMB) worldwide still poses a significant and ongoing challenge. In June of last year Symantec Corporation, a global leader in information systems security, released the findings of its 2010 Global SMB Information Protection Survey. The results indicated that 73% of the SMB companies polled were victims of a cyber attack in the past twelve months, and that thirty percent of those attacks were deemed somewhat or extremely successful!
The report also indicated that respondents rank data loss and cyber attacks as their top business risks, ahead of traditional criminal activity, natural disasters and terrorism. Seventy-four percent of SMBs surveyed are somewhat or extremely concerned about losing electronic information. In fact, 42 percent have lost confidential or proprietary information in the past. As a result, all of the companies who have lost data have seen direct losses such as lost revenue, or have suffered other directly related financial costs.
Based on the May 2010 responses from 2,152 SMB executives and IT decision makers in 28 countries, the survey clearly shows that small and mid-sized organizations are facing increased risks to their private information. It also revealed that lost or stolen mobile devices present yet another significant data security issue for SMBs. Almost two-thirds of businesses polled had lost devices such as laptops, smartphones or iPads in the past 12 months. And all of those polled have at least some devices that have no password protection and cannot be remotely wiped of their data to protect their confidential business information if the device is lost or stolen.
Security professionals unanimously agree that Information Security Awareness Training is a fundamental component of any cybersecurity protection plan. Providence strongly urges that business owners and managers raise the awareness of cybersecurity threats in the workplace through targeted employee education and ongoing reinforcement, with an emphasis on ongoing. Computer operators need to be smart, aware, and must use extreme caution when handling sensitive information or using devices that store that information.
Looking for some quick tips on what you can do to protect yourself and your company? The Symantec Education YouTube channel is a fantastic resource. There you will find a number of short videos that explain much of what you need to know about risks on the Internet and how to stay safe. These fun, non-technical videos discuss the ins and outs of Internet security in a way that is easy to understand and remember. Topics include Pests on your PC, The Underground Economy, Phishing, Botnets, and several others. The videos are also great resources for teens, young adults, and others who may be less Internet-savvy and who need to be educated about what to look out for and how to stay safe online.
Since we live in a world where virtually anyone with a computer is susceptible to modern cyber threats, we need to accept the shared responsibility of ensuring that our PCs and networks are secure, trustworthy and resilient. If we continue to make it easy for cyber criminals to steal bank account, credit card, and email login credentials, they will continue to profit from it, which funds their ability to develop new and innovative ways to attack. Please learn as much as you can about this important topic, and take action as soon as possible to improve your cybersecurity posture.
Jeff Dettloff is the President and Chief Problem Solver for Providence Consulting, Lansing’s leading provider of advanced computer services and innovative technology solutions.