April 16, 2015

Cyber Attack: Could Obama’s Security Sharing Plan Change Things?

Have you heard about President Obama’s information sharing plan to reduce security breaches? It’s part of a larger proposed strategy to better secure cyberspace.

The plan would increase the exchange of cyber threat information between the private sector and the National Cybersecurity and Communications Integration Center (NCCIC). An agency of Homeland Security, NCCIC would share cyber threat information as quickly as possible with relevant federal agencies and private sector centers.

More sharing this way, said a CBSnews.com report, would lead to better information, faster responses, and the increased ability for companies to see a cyber attack coming.

But would it significantly reduce security breaches?

While some respondents in a recent Passcode Influencers Poll were supportive (one said: “Sharing of threats and latest intel is the easiest way to mitigate breaches”), 87% of respondents were not convinced.

“Information sharing allows better and faster band aids but doesn’t address the core problem,” was one comment.

“Information sharing is an important component of cybersecurity but will not reduce security breaches by itself,” was another.

At the same time, there’s no question that something more needs to be done to protect confidential information online.

The amount of information that has been breached is staggering. According to the Privacy Rights Organization Chronology of Data Breaches, more than 816 million records have been breached since 2005.

From a business point of view, the 2014 Cost of CyberCrime Study by Ponemon showed that the average cost of cyber crime per company has increased 95% in the last four years. The annual number of successful attacks per company increased 144%.

Furthermore, the 2014 U.S. State of Cybercrime Survey by PWC showed an average of 135 security incidents in 2013 per organization. Two-thirds of companies that detected a security incident were not able to estimate the financial costs. For those that could, the average annual loss was approximately $415,000.

While new cyber threat strategies such as Obama’s information sharing plan gain steam, businesses are encouraged to follow cybersecurity best practices.

  • Utilize all forms of IT safeguards – for example, anti-virus and anti-spyware protection, encryption software, and spam filters. Set strong passwords, and keep systems optimized by installing updates.
  • Maintain an open dialogue about Internet safety. Communicate information security policies and procedures to employees. Create a culture of security from the top down.
  • Implement a comprehensive and compliant document management policy. Archive confidential information for safekeeping, retrieval, and destruction purposes. Keep only what is absolutely necessary; securely dispose of paper and e-media information that is no longer needed.
  • Provide security awareness training. Explain social engineering schemes, and teach smart work habits when visiting websites, opening emails, and downloading documents.
  • Create a data breach response plan. A well-thought-out plan can help reduce recovery time and costs.
  • Secure the physical office. Less common than electronic prying, physical theft still occurs. Implement a clean desk policy. Have all visitors sign in. Use burglar alarms.
