Cybersecurity, managing and protecting computer systems from attacks, is evolving just as quickly as the techniques hackers use to cause damage. Historically, the public and private sectors believed that stronger technology and more advanced computer systems alone were enough to prevent attacks. As new trends emerge and the technologies used to both conduct and prevent hackings improve, cybersecurity strategies must remain agile, trying new tactics to counter changing threats.
With the increased frequency and sophistication of cyber-attacks worldwide, companies and executives are becoming frustrated with a traditional focus on defensive tactics. As a result, some private sector actors are taking a more active role in cybersecurity by “hacking back” – hacking against the very groups that are attacking their systems in retaliation or to retrieve stolen data. As hacking back rises in popularity, it is important to consider a number of political and legal issues and the risks to counter-terrorism efforts.
Cyber-attacks are an increasingly dangerous threat to the Government. Recently, both the Federal Bureau of Investigation and the Office of Personnel Management experienced attacks, losing sensitive employee information to hackers. As a result, the Department of Homeland Security (DHS) increased its efforts towards hiring cybersecurity subject matter experts and acquiring cutting-edge technology to defend itself against impending attacks.
Insider threats are a serious cybersecurity risk to the Federal Government. According to Verizon’s 2013 Data Breach Investigations Report, insider threats, which can be malicious or accidental, comprise at least 14% of confirmed data breaches. Each type of insider threat requires a unique solution.
As the number of large-scale cyberattacks increases each year, preventing and responding to such attacks is becoming increasingly difficult. Hackers constantly develop new techniques to attack secure networks. Major network breaches to the Office of Personnel Management, Sony, Target, and other organizations highlight the need for an increased emphasis on corporate cybersecurity.
The Department of Homeland Security (DHS) is responsible for providing a common baseline of cybersecurity across the civilian Government. It assists agencies with managing their cyber risk.
Every month, a new cyber attack makes headlines, startles consumers, and spurs calls for action and new legislation to mitigate emerging cyber threats. By almost any statistic you choose, the risk to Government agencies, corporations, and consumers is escalating. In 2013, McAfee catalogued more than 100,000 new pieces of malware a day. The Washington Post reported the likely annual cost of cybercrime to the world economy at $445 billion in 2013, and the number of detected cyber attacks in 2014 increased a staggering 48% over the previous year.
The risk associated with legacy information technology (IT) systems not meeting the Federal Government’s evolving needs is substantial and unacceptable. The costs are also significant, with 78% of the $80 billion spent annually on Federal IT going toward maintaining existing systems, crowding out funding for modernization.
Recent large-scale cybersecurity incidents have highlighted the need for increased vigilance and defense against information security threats that affect organizations worldwide. Hackers stole the personal data of more than 21 million people in the Office of Personnel Management (OPM) breach in 2015. These cyber-attacks resulted in the theft of personal information of millions of Americans, many of whom are current or former Federal workers and contractors. Stolen information enables hackers to conduct individually targeted cyber-attacks, such as spam and phishing campaigns. Individuals, businesses, and other organizations must stay aware of emerging threats and act quickly to secure their data and networks.
Every week, both public and private sector organizations face new cyber security threats. Those who wish to bring down information technology (IT) systems, whether against Government agencies or major corporations, possess the skills and persistence necessary to do so.
Portions of the internet invisible to standard search engines, known as the "Dark Web," are giving a rapidly growing user base access to many illegal activities online. Dark Web websites are publicly visible, yet hide the IP addresses of the servers that run them using anonymity software like Tor or I2P. These software programs encrypt internet traffic in multiple layers and bounce it across randomly selected computers around the world. This lets anyone using one of these programs access a site, but it can be difficult to locate its servers and users.
You have probably never met a Nigerian prince. However, you might have received an email from one asking for help unlocking a fortune with the promise to pay you for your help. These so-called ‘Nigerian prince scams’ are a crude version of fraud that people can easily recognize.
Advances in tooling, education, and job training provide organizations with the opportunity to advance their own cybersecurity programs. If not impenetrable, they are at least harder to breach and therefore a less attractive target than the next organization. It may be tempting to assume new tools solve problems and erase or lessen the need to understand management fundamentals as they apply to cybersecurity. Instead, it is vital to consider how effective cybersecurity depends on management fundamentals, especially on sound resource allocation.