Eugene Kaspersky – the founder of Kaspersky Lab, the world’s largest privately-held anti-malware vendor – made four important points in his cybersecurity seminar at Infosec 2013:
- “Every company is a victim of cyber attacks, whether they know it or not;”
- Even smaller businesses have a critical role to play in preventing cyber attackers from using them as stepping stones to bigger victims;
- Governments (and, by my extension, critical national infrastructure organisations) have an essential duty to move their services to more secure environments where cyber attack is very difficult; and
- Everyone – governments in particular, as they control large budgets and regulatory powers – must contribute to the drive to increase the universe of cyber security skills.
From a ‘take action’ point of view, this translates into:
- Carry out a cyber security risk assessment as soon as possible, and act on the findings; and
- Initiate a programme of cyber security skills training amongst your IT team.
In the dark world of cyber security, your inattention will bring you to the attention of cyber attackers.
His first point “Every company is a victim of cyber attacks, whether they know it or not;” is very true. Over the last couple of weeks I’ve seen companies only being made aware of their website being hacked by customers reaching out to them via Twitter. Most of these examples I’ve come across are small businesses, sometimes one-man bands – but nevertheless if they hold customer data then they’re in serious trouble.
If Twitter wasn’t there, the time between companies realising they’ve been hacked and carrying out the necessary procedures would increase drastically.
Alan: the Texas A&M Engineering Extension Service offers completely free, government-funded online cyber security training awareness. It’s a great place for a company, non-profit or other organization to get a start on cyber security training. Even better, completion of each of the three tracks will earn the student college credit through the American Council on Education.
Our site at: http://www.teex.com/cyber has all the information and links to the registration system and classes. No cost, no obligation, no sales pitch, just the Department of Homeland Security/FEMA providing awareness resources to secure critical infrastructure. Please share with everyone you know.