The State of the Federal Cloud. Read Now. Health Technology in Action Read Now. Tech Policy Trends Read Now. Konkel , Executive Editor, Nextgov. Konkel January 11, Share This:. This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners.
Cookie Preferences Cookie List. Do Not Sell My Personal Information When you visit our website, we store cookies on your browser to collect information. Allow All Cookies. Cookie List A cookie is a small piece of data text file that a website — when visited by a user — asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Sale of Personal Data We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience.
Social Media Cookies We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. Targeting Cookies We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience.
Nextgov uses cookies for analytics and personalization. By continuing to use this site, you agree to our use of cookies. Read our Privacy Policy to find out more. Almost There! Full Name. I Work For Please Provide Your Org.
Phone Number. Zip code. Country Name. Yes, I want to receive occasional updates from partners. I agree to the use of my personal data by Government Executive Media Group and its partners to serve me targeted ads. During the next five years, cybercrime might become the greatest threat to every person, place and thing in the world.
With evolving technology comes evolving hackers. Our best defense is to stay informed and learn from, albeit scary, but useful cybersecurity statistics and facts. Understanding the cyber terminology , threats and opportunities is critical for every person in every business across all industries. Skip to content.
There is a hacker attack every 39 seconds A Clark School study at the University of Maryland is one of the first to quantify the near-constant rate of hacker attacks of computers with Internet access— every 39 seconds on average , affecting one in three Americans every year —and the non-secure usernames and passwords we use that give attackers more chance of success. Prior to joining Cybint, Devon worked on social media and marketing strategies for clients at Startups.
Resources to Explore. In addition, an inspector from the Naval Reactors regional office may walk aboard anytime a ship is in port, without advance notice, to observe ongoing power-plant operations and maintenance. When a nuclear-propulsion plant is operating, the sailors who actually control it—even those who are highly experienced—are always closely monitored by senior personnel.
Any action that presents a high risk to the system has to be performed by two people, not just one. And every member of the crew—even the most junior person—is empowered to stop a process when a problem arises. This is not easy to cultivate in any organization, especially one with a formal rank structure in which immediate compliance with orders is the norm.
Operators with questioning attitudes double- and triple-check work, remain alert for anomalies, and are never satisfied with a less-than-thorough answer. Simply asking why the hourly readings on one obscure instrument out of a hundred are changing in an abnormal way or why a network is exhibiting a certain behavior can prevent costly damage to the entire system.
To minimize the possibility that instructions are given or received incorrectly at critical moments, operators on nuclear vessels communicate in a prescribed manner. Those giving orders or instructions must state them clearly, and the recipients must repeat them back verbatim. Formality also means establishing an atmosphere of appropriate gravity by eliminating the small talk and personal familiarity that can lead to inattention, faulty assumptions, skipped steps, or other errors.
Cybersecurity breaches caused by human mistakes nearly always involve the violation of one or more of these six principles. To be sure, every organization is different. So leaders need to account for two factors in designing the approach and timetable for turning their companies into cybersecure HROs. One is the type of business and its degree of vulnerability to attacks. Financial services, manufacturing, utility, and large retail businesses are especially at risk.
Another is the nature of the workforce. A creative workforce made up predominantly of Millennials accustomed to working from home with online-collaboration tools presents a different challenge from sales or manufacturing employees accustomed to structured settings with lots of rules. Yet the latter is certainly possible, even if a company has a huge number of employees and an established culture. Witness the many companies that have successfully changed their cultures and operating approaches to increase quality, safety, and equal opportunity.
Such shortsightedness at the top is a serious problem, given the financial consequences of cyberattacks. In a study by the Ponemon Institute, the average annualized cost of cybercrime incurred by a benchmark sample of U.
Over the past 3 years, intrusions into critical U. Chief executives know that consolidating their jumble of network systems, as the Defense Department has done, is important. But many are not moving fast enough—undoubtedly because this task can be massive and expensive. In addition to accelerating that effort, they must marshal their entire leadership team—technical and line management, and human resources—to make people, principles, and IT systems work together.
Repeatedly emphasizing the importance of security issues is key. Are network administrators making sure that security functions in systems are turned on and up-to-date? How are spot audits on behavior conducted, and what happens if a significant lapse is found?
What standardized training programs for the behavioral and technical aspects of cybersecurity are in place, and how frequently are those programs refreshed? Are the most important cybersecurity tasks, including the manipulation of settings that might expose the system, conducted formally, with the right kind of backup? In essence, CEOs must constantly ask what integrity, depth of knowledge, procedural compliance, forceful backup, a questioning attitude, and formality mean in their organizations.
Meanwhile, boards of directors, in their oversight role, should ask whether management is adequately taking into account the human dimension of cyberdefense.
And indeed many are beginning to do this. Military commanders are now held responsible for good stewardship of information technology—and so is everyone all the way down the ranks. The Defense Department and the U. Cyber Command are establishing a reporting system that allows units to track their security violations and anomalies on a simple scorecard. Before, information about who committed an error and its seriousness was known only to system administrators, if it was tracked at all.
The goal is to make network security as much of an everyday priority for troops as keeping their rifles clean and operational. Every member of an armed service must know and comply with the basic rules of network hygiene, including those meant to prevent users from introducing potentially tainted hardware, downloading unauthorized software, accessing a website that could compromise networks, or falling prey to phishing e-mails.
And if a climate of complacency is found in a unit, the commander will be judged accordingly. Companies should do likewise. Managers should understand that they, along with the employees in question, will be held accountable. All members of the organization ought to recognize they are responsible for things they can control. This is not the norm in many companies. Cyber Command has developed standards to ensure that anyone operating or using a military network is certified to do so, meets specific criteria, and is retrained at appropriate intervals.
Personnel on dedicated teams in charge of defending networks undergo extensive formal training. For these cyberprofessionals the Defense Department is moving toward the model established by the nuclear navy: classroom instruction, self-study, and at the end of the process, a formal graded examination.
To build a broad and deep pipeline of defenders, the military academies require all attendees to take cybersecurity courses. Two academies offer a major degree in cyberoperations, and two offer minor degrees. All services now have schools for advanced training and specific career paths for cybersecurity specialists.
The military is also incorporating cybersecurity into continuing education programs for all personnel. Relatively few companies, in contrast, have rigorous cybertraining for the rank and file, and those that do rarely augment it with refresher courses or information sessions as new threats arise. Nor does the common practice of requiring all employees to take an annual course that involves spending an hour or two reviewing digital policies, with a short quiz after each module.
They should be as robust as programs to enforce ethics and safety practices, and companies should track attendance. After all, it takes only one untrained person to cause a breach. In the U. Both people must have their eyes on the task and agree that it was performed correctly.
0コメント