Tech Insights: Cybersecurity is Everybody’s Business
Concerns about cybersecurity may not be on most people’s minds. But whether you’re managing a town, a school district, or a personal online bank account, you should be aware of threats to your information, money, and safety, says Leslie Williams, Chief Information Security Officer for the New Hampshire Department of Information Technology.
“Threats are increasingly sophisticated and targets are broadening where everyone is a potential victim,” Williams says, describing an environment where email spam is being replaced by spearphishing, or targeted spam, and attacks which are financially, criminally, or politically motivated. In response, Williams has ramped up efforts to promote awareness, and has put controls in place to reduce exposure and risk.
“We saw, and maybe you have experienced first-hand, the rise of targeted attacks, mobile threats, and risks with the use of social media,” Williams wrote in a paper addressing state resources and risks in 2011. “With the surge of mobile device offerings, just saying ‘no’ is no longer a valid security stance, so we must find a way to allow the secure use of these devices.”
Williams says cyber attackers are after money, intellectual property and personal data, and some attack as a form of protest. They employ repeated attacks and constantly change their methods to evade detection.
And the problem seems to be getting worse. In 2011, a “transformational year” in cybersecurity, Williams says, the threats changed: they increased in volume, force, and duration, and kept evolving in ways that made putting security measures in place a constant challenge. “While we saw significant advances last year, the cybersecurity environment has been rapidly morphing to a new normal,” she wrote.
It’s a situation that depends on technology, people, and processes, Williams says, pointing out the potential of an attack on network and computer systems to eliminate public safety and other essential services, undermining public confidence and wreaking other havoc. The current threat, moreover, targets not only money or prestige, prime motivators in the past, but also politics. Indeed, “hacktivists,” political protestors using cyberspace to wage their campaigns, are among the most recent and worrisome threats to computers and the Internet, according to Williams.
To help audiences better grasp the weight of cybersecurity, Williams offers a definition that captures its essence: “Cybersecurity encompasses technologies such as broadband, local area, and wireless networks, as well as standards, policies, and procedures which help protect network and computer systems and the information they hold, from attack, damage or unauthorized access.” She also advocates for shared accountability. “With today’s unprecedented reliance on computers and the Internet, we all share the responsibility for protecting our information and interconnected way of life,” she says.
Organizations and individuals aren’t helpless in the face of cyber threats, Williams continues. But protection requires vigilance. “Criminals seek the easy route. Following best practices is very effective to protect yourself.” She also offers a list of resources for computer and Internet safety, including security updates and alerts, for New Hampshire residents, businesses, academic institutions, and governments. Among them are the Department of Homeland Security, US-CERT (United States Computer Emergency Readiness Team), NIST (National Institute of Standards and Technology), MS-ISAC (Multi-State Information Sharing and Analysis Center) and SANS (SysAdmin, Audit, Network, Security).
“The risk is real. That’s the bad news. But the good news is there’s a lot people can do to protect themselves,” Williams says. “Stay informed. Follow best practices. Be consistent. Raise awareness. Share, be prepared, and integrate. Make security a part of what you do. Bake it in, don’t bolt it on.”
Daniel Kaplan is the Chief Information Officer at the New Hampshire Local Government Center. He can be reached at firstname.lastname@example.org or 603.320.3342.