It should come as a surprise to no one who follows the news that cyber security threats are on the rise in the U.S. and that the security of every business not innovative enough to thwart cyber attacks is at serious risk. The fact that employees remain points of vulnerability in a world where cyber security threats are on a meteoric rise demonstrate the dire need for implementation of identity and access management solutions that are as innovative as these cyber security threats. Without immediate enterprise risk management techniques and audit controls in place cyber security threats will make the $13 billion lost last year seem small by comparison.
Anyone who doubted this fact or believed it to be a scare tactic of companies who sell security software need only heed the words of this country’s top cyber officer. Gen. Keith Alexander, director of the National Security Agency and commander of the United States Cyber Command, this week told an audience at the American Enterprise Institute that the FBI is currently able to detect less than 1% of all cyber attacks. That number is so eerily small that his assessment of the situation almost seems like an understatement. He said, “The probability for crisis is mounting”.
“Mounting” just may not be a strong enough word for it.
Alexander’s caution came as he lobbied Congress to pass legislation to improve communication between the public and private sector about what they each know about IT cyber security threats in an effort to beef-up enterprise risk management cyber security across the board. Such legislation cannot come fast enough.
According to CNN’s report of the Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT), there were 198 acts of cyber terrorism reported to the Department of Homeland Security in 2011, up from NINE in 2009 — an increase of 2,200-percent! These infiltrations cost businesses in excess of $13 billion. CNN’s coverage of the report also noted:
“The report also identified common trends that allowed attackers to penetrate systems. They included employees who were not properly aware of potential dangers and technical and process flaws that left their systems exposed to attack.”
Sounds like the crisis is already here!…and when we look further into the issue of cyber security threats we find that most of the breach activity either originated from within the organization itself or was the result of a phishing attack made possible by inside, albeit non-intentional intervention. The aforementioned ICS-CERT report said of the 17 threats investigated in-depth, 11 were the result of “spear-fishing” attacks.
Begin your identity management initiative by following what corporate compliance experts recommend for the workflow automation of businesses processes, self-service administration and IT operations.