Cyber Tactics Column

RSS

Ask most corporate executives to define cybersecurity and their initial thoughts turn to data privacy. That’s for good reason. Companies are bleeding corporate trade secrets and personally identifiable information at such an alarming rate that confidentiality issues and related compliance concerns can’t help but dominate the cybersecurity agenda. Yet, ask cybersecurity professionals what keeps them up at night, and the topic invariably turns to data deletion, tampering with control systems, and the potential to cause physical harm over the Internet. These concerns fall into categories that are distinct from protecting data confidentiality. Instead, they demonstrate the importance of maintaining an enterprise focus on the integrity and availability of your company’s most essential data, systems and services.

Traditional network security risk management techniques are often inadequate to meet the specialized needs of enterprises' control systems. The good news is that a host of free resources exists to cover this important field of security, risk management, compliance and operational continuity. 

 Cloud computing technology providers are rapidly improving the effectiveness and efficiency of network security, and what we are seeing is just the beginning. If your business is not already taking advantage of cloud-based security solutions, chances are high you will benefit from this emerging market soon.  

Companies have encouraged their workforces to be effective regardless of their location or the time of day, making wireless Internet connectivity the latest lifeblood of workforce productivity. These gains have been accomplished primarily by embracing Wi-Fi, which is not without added risk. Cyber spies and criminals have successfully targeted wireless networks for years, which in turn, requires increased vigilance both when deploying Wi-Fi networks and when training our employees to safely use Wi-Fi.   

When the Department of Homeland Security purposefully dropped data disks and USB flash drives in the parking lots of federal agencies and government contractors, 60 percent of the found objects were inserted into an agency or contractor network.

Removing the power from a computer not only results in lost volatile memory, much of which can be critical to a forensic investigation (and should be imaged), but also may lead the intruder to establish other points of entry.

The Federal Communications Commission developed “Small Biz Cyber Planner 2.0” by teaming with members of the public and private sector, including the Department of Homeland Security, the National Cyber Security Alliance and the Chamber of Commerce.

In early May, the FTC’s Chief Administrative Law Judge held that in an enforcement action the FTC must disclose “what data security standards, if any” it has published and intends to rely upon to demonstrate that a company’s data security practices are not reasonable and appropriate.

Regardless of how vigorously the industry applies risk management principles and how diligently the government shares information, there is no chance the private sector can consistently withstand intrusion attempts from foreign military units and intelligence services or even, for that matter, from transnational organized crime.

The National Institute of Standards and Technology’s cybersecurity framework is now available, so how can CSOs and CISOs use it to better frame their cyber efforts and prove their case to the C-Suite?