Are You Secure? Really? How Do You Know?
Homeland security has been top of mind for state legislators for the last several years. Whether discussing and sharing best practices or understanding how to best protect the nation’s students in school or how to handle cybersecurity threats legislators continue to search for better answers. A large challenge has been how to know that a state is on the right track, that what the legislators are doing is making a difference. In the world of cybersecurity that can be a real challenge.
One cybersecurity solution that is particularly user-friendly for a non-tech CEO to understand is CyGov’s approach. CyGov is a firm founded in Israel but providing global services. Israel necessarily has an intense focus on the security of those who live there given the global neighborhood in which they live. And like any place of intensity and laser-like focus on one area of expertise, advancement in innovation in that area tends to follow. Members of Cygov’s leadership have visited ALEC previously as part of the innovation outreach work conducted by the ALEC Center for Innovation and Technology. As the company describes itself “CyGov is a cybersecurity firm focused on developing a cyber assessment platform to enable organizations to manage their cyber risk and readiness much more effectively.”
Cyberthreats against the private sector have been well covered in the press over the last few years. Broadly, there is a $600 billion annual cost because of cybercrime, with an average cost to an attacked company of $3.6 million. In 2017 alone ransomware, a type of software that blocks access to a computer system until a demanded sum of money is paid, attacks increased 36 percent, Attacks now come at more than 4000 a day. Companies are left with trying to quantify and manage this risk, but generally, the current state of assessments leaves much to be desired.
Corporate leaders often find that risk assessments do not provide them an effective means to confront the challenges. Assessments are often lacking clear actionable steps or fail to help interpret the risk in an understandable way. And if they do, tracking progress towards a goal is nearly impossible, often because the assessments are manual and generic, not deploying tools that fit the industry. The assessments also tend to be too narrowly focused, measuring risk from the standpoint of technology while ignoring strategy, intelligence, and physical security.
But in addition to industry, people, and politics, government operations are at risk as well, attacked daily thousands of times over internationally, across the country and even locally. For example, the United Kingdom has recently invested more than $2.5 billion in cybersecurity to fight against an estimated 4.5 million malicious emails a month. In the U.S. federal government IT professionals report, “…the security threats at federal agencies are coming from careless insiders, foreign governments, the general hacking community, ‘hacktivists,’ malicious insiders, terrorists, for-profit criminals and industrial spies.
Half of the respondents—from civilian agencies in particular—indicated an increase in spam and malware attacks, while more than a third saw a rise in ransomware and social engineering-related breaches.’” Locally, the problem is just as bad. Very publicly in Atlanta this year, but across the country from New Mexico to Colorado to Dallas to Birmingham, local governments are being attacked and often their computer systems held ransom. Government at all levels must be prepared and stay vigilant.
The easiest means to understand it all might just be a dashboard, providing a score and a readiness level benchmark. Combined with better data collection, extensive analysis, such visual and quantifiable analysis provides to management an understandable approach to what is going on within their organizations. As CyGov states, “In today’s world of emerging cyber threats, it’s not enough to stay up to date; you need to stay ahead of the rapidly evolving cyber landscape.” This is particularly true of state and local governments lest they become easy targets for mischief, meddling, or malice