Top 10 Cyber Security Threats of 2011 and Beyond
The next decade portends new threats that surpass those of years past in both intensity and impact.
The Obama administration has been vocal about the need to improve cyber security, which is good. Someone has to bang the drum and make people realize that when companies are hacked or are hit with malware, it is serious business. Thing is, the federal government hasn't always been very good at practicing what it preaches. The cyber security holes were made clear last year after WikiLeaks disclosed thousands of classified documents.
In typical government fashion, months after the incident, the White House is now issuing an executive order to replace the flawed system of computer security safeguards in the federal government network. According to The New York Times, the order is the result of a seven-month government-wide review of policies and procedures involving the handling of classified information. The article pointed out:
The directive enshrines many stopgap fixes that the Pentagon, the State Department and the Central Intelligence Agency made immediately after the initial WikiLeaks disclosures last November. Since then, for instance, the military has disabled 87 percent of its computers to prevent people from downloading classified data onto memory sticks, CDs or DVDs.
The article also goes on to say that a lot of the measures in the executive order should have been instituted a long time ago, and the government's policies have lagged far behind those instituted in private industry.
What I think is the most important takeaway from the executive order is that the policies are focused heavily on keeping information inside government walls, as opposed to worrying about others breaking in. After all, the WikiLeaks breach was allegedly caused by an insider. This is important because cyber security measures seem to get so wrapped up in how to prevent a potential threat crashing through the network barriers that we forget that the biggest threat could be in the next cubicle. Earlier this year, a Cyber-Ark survey found that nearly one in five executives said there were cases of insider sabotage within their company.
An article in Help Net Security stated:
16 percent believe that competitors may have received highly sensitive information or intellectual property including customer lists, product information and marketing plans from sources within their own organization.
Frankly, it is about time the federal government steps up and realizes that just because someone has a security clearance doesn't mean he or she doesn't have an ax to grind or is above committing a cyber security crime. The executive order is also a good reminder to organizations, both public and private, that the insider threat is there and needs to be a top priority in any cyber security policy.