Cyber Crime: Identifying the Sources of an Everyday Threat
Cyber crimes, cyber thievery, and cyber warfare have become an everyday reality. In fact, security breaches are so prevalent that, according to a new study from the National Cyber Security Alliance and a private sector firm, 26 percent of Americans have been the victims of a data breach in the past 12 months alone. Not only do breaches reduce citizens’ trust in government to protect their confidential data, they also cost government agencies a significant amount of money. For most CIOs and other government keepers of data, these statistics prompt one immediate question – “Can this happen to us?” Unfortunately, the answer to this question is: yes, it can.
Identifying Threats, Both Internal and External
The threats faced by government are ever-changing, which means we need to be one step ahead at all times. So we ask, “Where do these threats come from?” To answer this question, you have to understand your “attack surface,” which could include parts of the system that could conceivably be “touched” by unauthorized users, even before a breach would happen. Awareness ofany existing vulnerabilities will help devise security measures to best protect against them.
Fortunately, new data has helped shed light on insider threats; the security dangers caused by an organization’s own employees or trusted partners. As Peter Romness recently discussed in his blog post, insiders are commonly considered to be the highest-risk population. Insider threats – when they materialize – often create the greatest damage to the organization. Therefore, it is important to understand the issues, evaluate the “attack surfaces,” and consider possible solutions for maximum protection both from external and internal threats.
Don’t Forget Mobile!
It is vital to include mobile platforms when searching for potential attack surfaces. Government agencies have overwhelmingly moved their applications and services to mobile devices to increase productivity. As a result, secure mobility has become synonymous with Bring Your Own Device (BYOD). 41 percent of organizations surveyed by CDG have had security concerns when it comes to BYOD. At the same time, we can also consider our complete reliance on technology as a potential threat. For example, when a computer system goes down, employees have to go home because they cannot be productive without access to their emails and internal servers. According to IT experts, companies and government agencies should take a hard look at their processes and institute procedures to deal with system failures in order to ensure business continuity.
We all know that cyber security threats are “mutating” and proliferating at a blistering rate. We need to respond quickly to roll out new defenses as fast as possible. But while we need to be speedy, we must also be smart. And the first step to implementing a flexible, intelligent, and effective cyber security strategy is to discover and understand your greatest vulnerabilities and attack surfaces.
For more insights on cyber security in government and details on some of these statistics, download the Center for Digital Government’s research report.