With great fanfare, U.S. President Barack Obama launched a new cybersecurity agency that aims to pull together security information from other agencies to gain a better overview of the overall threat and find new ways to fight it. The new Cyber Threat Intelligence Integration Center will alert other areas of government of new threats and how to thwart them – and this information will also filter down to IT pros like you!
Here are some of the other recent cybersecurity efforts from the Obama administration, some in concert with private industry:
- An executive order to encourage businesses and organizations to share threat info with the government and each other.
- Proposed legislation to make sure business are liable when sharing security information and that privacy is protected.
- Proposed a “national breach notification law” so new exploits can be identified, and the details made available.
- Visa will replace the transmission of credit card numbers online with tokens.
- A range of vendors have created the Cyber Threat Alliance to share standards and best practices.
Tighten your borders
With organized cybercriminals and an increase in state-sponsored breaches, governments around the world need to tighten their computing borders. In fact, wars of the future may be increasingly fought on the cyber front.
Many of the same threats and hacker dynamics also pose risks for small and medium-size businesses. The biggest lesson – knowledge is key. The dynamics of hacking are ever changing, with new and stronger forms of attack ever on the march. That means SMBs must look at new technologies, new approaches, and new sources of information for the latest security news and best practices.
Governments, banks, and organizations covered by compliance regulations have very high-security standards to meet, and the results of failure are dire and expensive indeed. This has created a higher level and disciplined approach to security and privacy – an approach that should serve as a model for smaller organizations that likely don’t fall under compliance rules.
In fact, I’ve always maintained that even if you don’t have to meet compliance regulations legally, it is a good idea to behave as if you do. That means making sure critical information such as that contained in emails is fully protected, secure and available. Even if there is no rule that says you should archive mail, this can be a lifesaver in the case of a lawsuit or even legal investigation of an employee’s malfeasance. And your firewall, antivirus and other security measures should be regularly reevaluated and tuned.
What else to do?
There are many other things you can do now to keep your organization safer this year.
Connect with peers through user groups, online communities, or even the comment sections under security articles to keep abreast of the threats and how other IT pros are dealing with them.
Regularly consult with your key security vendors or your reseller to identify new threats and learn about new technologies to stop them.
Become a security aficionado by visiting top security sites, doing Google alerts on key search terms and being active in security organizations.
Meanwhile, here are two resources you might want to check out;
- The Cyber Threat Alliance (https://cyberthreatalliance.org/)
- The 2014 Data Breach Investigations Report done annually by Verizon (https://www.verizonenterprise.com/DBIR/2014/)