Companies spend huge sums of money every year to maintain a security perimeter designed to fend off cyber and insider threats. According to Gartner, worldwide spending on information security will reach $76.9 billion in 2015, an increase of 8.2 percent over 2014. Data breaches at companies such as Target, Home Depot, Staples, eBay, and Anthem are raising doubts about the effectiveness of these investments. Based on the dynamically changing threat landscape, it appears that organizations need to redefine the way they're defending against cyber threats.

Cyber-attacks have become part of the day-to-day operations of many businesses and public sector agencies. As their frequency and sophistication have increased dramatically over the last two years, many organizations are struggling to align their cyber security strategy with the new threat realities. Those seeking guidance and assistance from the government have been disappointed. Political gridlock in Washington has hampered progress on passing a Cyber Security Information Sharing Act that would at least enable cyber threat data exchange across different industry sectors to improve cyber resilience.

To show some momentum, the White House mandated the development of a voluntary risk-based Cybersecurity Framework – a set of industry standards and best practices to help organizations manage cyber security risks. This Cybersecurity Framework, developed by the National Institute of Standards and Technology (NIST) with the collaboration of other government agencies and the private sector, was introduced about one year ago. Notwithstanding some anecdotal evidence presented to members of a Senate committee at a February 4th hearing, there has been no measurable proof that using the framework can help prevent cyber-attacks.

In addition, the White House recently signed another executive order that strengthens the authority of federal offices to collect and aggregate cyber threat information from across the government and the private sector. At the same time, the President and his staff members announced the creation of three new US cyber groups -- the National Cybersecurity and Communications Integration Center, the Cyber Threat Intelligence Integration Center, and the Cyber Response Group.

While these initiatives might strengthen the government's threat awareness, the average company will most likely not benefit from these efforts. Unless, of course, they're exposed to state-sponsored cyber-attacks, as in the case of Sony Pictures Entertainment, which would draw the attention of the government. Otherwise, it will remain an organization's sole responsibility to build an effective cyber security strategy that meets today's unique threat requirements.

So what can be done to minimize cyber security threats? There are five essential building blocks to build a sound cyber security strategy:

1. Data Integrity

Undeniably, data is the prime target for attackers. Therefore, if we can prevent data from leaving the organization or being modified, protecting against network breaches becomes less critical. Unfortunately, data is often left unsecured. For example, a quick web search for "data breach and unencrypted data" produces thousands of results that illustrate how many organizations fail to protect the integrity of their data and don't even encrypt sensitive information.

The first step to assure data integrity is to classify data into categories that reflect the business need to protect them, such as "public", "internal use", "confidential", and "top secret". Unfortunately, data classification is often
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 3