Page 18 - Cyber Warnings
P. 18
Government Cybersecurity Efforts: Good or Bad?
By Paul Fletcher, Cyber Security Evangelist at Alert Logic
Data breaches seem to dominate the front page of breaking news cycles nearly every week,
and we’ll likely see this continue into 2016 and beyond as companies large and small alike
scramble to get controls in place (stay with me, there are numbers to back this claim up).
In 2014 alone, more than 2,000 data breaches and one billion personal records were illegally
accessed by hackers across the world. In 2015, these numbers grew though the data isn’t in
yet.
Think about it, we saw breaches impact companies far and wide, including CIA Director John
Brennan's AOL account, Ashley Madison, Anthem and Office of Personal Management. And
just to prove that nothing is sacred when it comes to cybercrime and cybercriminals -- electronic
toymaker VTech was hacked and nearly 6.4 million children's profiles were compromised.
With the cost of a single data breach averaging around $3.79 million, companies are
strengthening their cybersecurity postures at the speed of light, hoping to avoid costly and
devastating data attacks.
And while each company must stand on its own to protect themselves and, more importantly,
their customers against a potential breach, the question always remains:
Does cybersecurity legislation help protect businesses and consumers? Here are some things
to consider.
Cybersecurity Laws Can Be Limited in Scope
Take the recent Cybersecurity Information Sharing Act, for example. Much was made of this
cybersecurity legislation in the news but in truth it’s an information-sharing law that makes it
easier for private and public sectors to share information about breaches – no more, no less; it
wouldn’t have done anything to stop cyberattacks like we saw with Target, Ashley Madison and
OPM.
And, in addition to their being issues with the law regarding privacy – many feel the language
around whether shared data can be used for purposes unrelated to cybersecurity is vague – it
doesn't address basic problems like unencrypted files, poor computer architecture, servers that
haven’t been updated, and human err like employees or contractors in an organization clicking
malware links.
Legislation can often be well-intentioned but can fail to address the core issues that protect
businesses and consumers.
18 Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
