February 02, 2016
The federal Cybersecurity Information Sharing Act of 2015 (CISA) was recently signed into law – and the timing couldn’t be better.
CISA was created to improve cyber security in the United States through the systematic sharing of information about cyber security threats.
Protecting confidential information from cyber criminals is a huge issue for everyone today.
Hundreds of Threats Per Minute
“There are 80 to 90 million plus cybersecurity events per year, with close to 400 new threats every minute, and up to 70% of attacks going undetected,” said Sarbjit Nahal, managing director of Bank of America Merrill Lynch, in a welivesecurity.com post. Citing a Merrill Lynch report, he said that up to one billion data records were compromised in the U.S. in 2014.
The cost of cyber crime keeps rising too. The 2015 Ponemon Institute Cost of Cyber Crime Study: United States showed that it increased 96% between 2010 and 2014. Every year, cyber crime costs companies between $1.9 million and $65 million each. In addition, the per capita cost is significantly higher for small organizations than for larger ones ($1,571 versus $667).
Organizations Are Not Prepared
Most respondents in the 2015 Global Cybersecurity Status Report from ISACA (Information Systems Audit and Control Association) said that cyber attacks are one of the top three threats facing organizations today – but only 38% felt prepared to fend off a sophisticated attack.
Share Threat Indicators
While CISA won’t solve all the problems, supporters believe it will help.
The act rallies businesses and the federal government to share threat indicators and other cyber threat activity. The Department of Homeland Security (DHS) will share information if warranted – to ultimately warn other companies.
Unlike privacy legislation, CISA is a voluntary bill, so organizations decide whether or not to share information. At the same time, the law grants full immunity from government, private lawsuits and other claims that may arise from sharing private data.
Real-time cooperation will be essential, commented security expert Brian Krebs of krebsonsecurity.com. Hackers can strike fast, and information is needed right away.
CISA final policies and procedures will be issued in June 2016.
Here are best practices in cyber security:
A comprehensive document management program protects electronic information from creation through to destruction – to minimize the risk of a data breach and support online security.