Opinion: Growing Cybersecurity Threats and the Duty to Act
10/31/12 10:19 AM
By Sherly Abraham, PhD Candidate, Informatics, University at Albany; Dr. Jane LeClair, Dean, Excelsior College School of Business and Technology
The proliferation in the use of computing devices and our increased dependence on technology is also marked by the rise of cybersecurity incidents. As mechanisms to combat threats develop, cyber attackers are also at work developing attack strategies that counteract these protection mechanisms.
Cyber-attackers target weakness in technologies, people and procedures, and often use a combination of schemes in order to launch attacks. Some of the noteworthy recent developments in the world of cybersecurity emerge from the threats posed by Hacktivism, mobile devices and cyber warfare. In general Hactivisim involves using computers and networks for cyber-attacks in order to promote political views. Similarly, the increased use of mobile devices has blurred the fine line of organizational boundaries, and people are now accessing organizational networks from a wide range of mobile devices. Finally cyber threats are not just national but have international implications. Cyber Warfare includes governments damaging another nations computer or information systems through cyber-attacks.
Clearly organizations need to adopt a multi-pronged approach to protect their information assets. An effective cyber security program needs to a follow a balanced approach that focuses on technology, people and procedures.
Secondly, organizations are often times reactive and implement protection mechanisms after the aftermath of a cybersecurity incident, in other words after the damage is done. Organizations need to follow a proactive approach to cybersecurity in addition to effectively reacting to cyber incidents. Although, it is not possible to totally prevent cybersecurity incidents, the risk and impact are mitigated if the proper plans and procedures are in place.
Thirdly, the landscape of cybersecurity threats are constantly evolving and as technological choices and options expand, organizations need to constantly update their information security procedures to include policies that govern the use and application of new technologies. Also, cybersecurity applies to all employees in an organization and it is essential to provide employees with ongoing training on the risks and preventive strategies of cybersecurity.
There is a dearth in the workforce for cybersecurity professionals to fill the increasing job demand. Given the shortage of workforce, it is pertinent to encourage educational opportunities in cybersecurity. The awareness of the importance of cybersecurity needs to be emphasized nationwide in schools and colleges and funding opportunities provided to promote research and education.
Finally it is important to note that end users, corporations, and government depend on each other for the Internet to function, and this calls for a shared social responsibility in combating cybercrimes. The joint effort of users, educational institutions, corporations and government assists in protecting national assets and promoting a safe electronic environment.