a global affairs media network

www.diplomaticourier.com

Implications of Cybersecurity on Organizations and Obama Administration’s Counter Measures

November 7, 2016

Living in a world where everything and everybody is connected, protection and security of data have grown all the more critical. As long as one is connected to the Internet, anyone can become a viable victim of a cyber attack, so wariness and proper protection must be in place to prevent any detrimental incidents. From protecting user data against the growing number of threats to ensuring the continuity of businesses, cybersecurity—or measures taken to protect a computer system against unauthorized attacks—is an essential element for any organization. With the advance of the Internet and the like, security threats and cyber-attacks are multiplying acutely all over the globe, targeting individuals and targets alike. As these threats and attacks continue to mount, understanding and managing security risks have become critical issues for leaders in both business and government. Below are several essential facts that define the current information security landscape:
  • The estimated annual cost for cybercrime committed globally adds up to 100 billion dollars.
  • Currently, there are more than 6 billion social network users worldwide, with more than 64% of internet users accessing social media services online. Social media is the most vulnerable means of cyberattacks. One in 10 social media users is a victim of cyberattacks, and the numbers are on the rise.
  • From 2016 to 2019, global cyber crime costs are expected to greatly increase, reaching US 1 trillion dollars.
  • The US government spent US 14 billion dollars on cyber security in 2016, with plans to spend US 19 billion dollars in 2017.
As can be seen, the implications, both financial and internal, for companies and governments alike are tremendous. Take, for example, a few recent incidents: Sony and Target’s breaches earlier in 2014 and 2013, respectively, had the biggest impact on information technology security. It was evident that high-profile hacks against the government and companies like Sony and Target were largely met with legislative inaction and administrative uncertainty on how best to address evolving cyber threats. The breach of the Office of Personnel Management exposed the details of at least 21.5 million government employees. Additionally, repeated claims of Russian and Chinese hacking of American businesses and public agencies continued to surface as an ongoing issue within the public sphere, as well as reports indicating that several thousand FBI staffers had their data leaked following such an attack. Accordingly, such security is important to every American who uses the Internet in order to ensure that their communications remain protected. Unfortunately, there are always going to be “bad guys,” in this case, those who try to steal people’s information for their own financial or personal gain. Thus, as these threats continue to mount, understanding and managing security risks have become critical issues for leaders in both business and government.

Cybersecurity in the Obama Administration

Evidently, cybersecurity and risk are now an urgent and important matter at hand. Information breaches and hacking have raised fears that such attacks and other security failures can significantly endanger the global economy. In 2015, President Obama acknowledged cyber risk as a top issue for the international agenda.
Addressing political leaders, CEOs, and technical experts, the president reinforced that those specialists needed to “collaborate and explore partnerships that will help develop the best ways to bolster our cyber security.” The Obama Administration has taken various actions towards addressing cybersecurity and cyber-attacks. President Obama’s most recent initiatives have included Executive Order 13636 (The National Institute of Standards and Technology) and the Cybersecurity National Action Plan (CNAP). The first initiative was designed to transform and enhance the nation’s cybersecurity policy to effectively respond to cyberattacks and to properly prepare for any potential attacks. The latter initiative was introduced earlier this year in February with objectives that included the enhancement of cybersecurity awareness and protections, protection of privacy, maintenance of public safety, and the empowerment of Americans to take better control of their digital security. Additionally, last year, under the directive of President Obama, the National Institute of Standards and Technology (NIST) in the United States issued a Framework for Improving Critical Infrastructure Security. The Framework introduced a set of standards and best practices designed to help organizations manage the risks of a cyber security breach. With the aid of this framework, they chart their current security profile, work out what profile they should be aiming for, and create a plan for reaching it. President Obama’s concern for cybersecurity can also be seen within his fiscal 2017 budget proposal. Cyber threats are "among the most urgent dangers to America’s economic and national security," Obama said in a Wall Street Journal op-ed published on Tuesday. In his fiscal 2017 budget proposal, President Obama asked for $19 billion for cybersecurity across the US government, an increase of $5 billion over the past year.
According to Forbes, the government is planning to invest $62 million alone in cybersecurity personnel. (The government recently announced its first chief information security officer, Tony Scott, to lead the charge over cybersecurity policy, planning, and implementation to secure the US government.) Additionally, the Department of Homeland Security is said to increase the number of Federal civilian cyber defense teams tasked with finding vulnerabilities on government systems. As these policies are recent measures, the effects and success of the various initiatives are yet to be seen. Yet what is obvious and essential is the ability and foresight to prevent cyber attacks and vulnerabilities by being prepared.

Countering Cyber Attacks

Unfortunately, attacks on cyber security and cyber-crime are only likely to increase in the near future, despite the best efforts of government agencies and cyber security experts to prevent such incidents. Technical innovation and the centralization of data create opportunities for cyber criminals to misappropriate critical information from a single target attack. As online systems make their services more available, the opportunities to penetrate security measures multiply significantly. The increase in numbers will be due to the expanding availability of services online and the growing sophistication of cyber criminals engaged in such operations. The question then shifts to how to counter these cyber risks. There is no shortage of advice available to organizations to help them assess risks and develop suitable plans to counter them. Governments around the world are developing cyber security guidelines.
For one, under guidance from the US Securities and Exchange Commission, public companies are required to disclose what can be seen as “risk assessments”: information on the material risks they face from cyber attacks, including specific detail to enable an investor to assess the magnitude of those risks. US companies are also required to consider disclosure about the potential costs associated with preventing cyber attacks and any contingent liabilities or asserted claims related to prior breaches. In sum, a failure to make adequate disclosures can lead to additional liability in the event of a cyber attack. Furthermore, governments are tightening laws and regulations to ensure organizations will take greater responsibility for cybersecurity. An essential step to allow for this is the reporting of breaches, as it enables government agencies to take action to strengthen security, mitigating harm and encouraging organizations to adopt effective security measures. Additionally, other critical steps are essential to establish protective measures against cyber threats. These include taking actions to identify the security risks organizations and governments face and the policy for dealing with them. Standard security measures and configurations should be adopted, while malware protection should be highly considered. Furthermore, because networks are often weak points in cyber defense, it is critical for any organization to follow recognized network design principles and to ensure that all information and communications technology is configured to security standards. Of course, reality will be more complicated than the aforementioned measures. Nonetheless, secure precautions must be taken. Evident as it is, cybersecurity is one of the most urgent issues of the day.
Computer networks have always been the target of criminals, and it is likely that the danger of cybersecurity breaches will only continue to increase in the future as these networks expand, but there are sensible precautions that organizations and governments can take to minimize losses from those who seek to do harm. With the right level of preparation and specialist external assistance, it is possible to control damages and recover from a cyber breach and its consequences. There is clearly still much work to be done and precautionary measures to be enforced, and the people behind the attacks have a significant head start. For those merely catching up now, cyber security has become a matter of urgency.

About the author: Jae-Eun Kim is a recent graduate from Carnegie Mellon University where she received a B.S. degree in International Relations and Politics and an M.S. degree in Public Policy and Management. Her current position deals with information security risk management in corporate organizational settings.

The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.