Nations Prepare To Take Cybersecurity Head On
As organizations and governments move online, cybersecurity awareness demands more and more attention from high-level officials.
In 2016, if governments aren’t already investing in cybersecurity, they almost certainly will be soon by default. With so much data online nowadays, the threat of hackers and data breaches is so acute that governments and leading private sector companies that fail to get ahead of the curve on cybersecurity do so at their own extreme peril.
With the announcement from Britain’s Department of Culture, Media, and Sport that they will be investing £1.9 billion in cybersecurity over the next five years – as well as creating a new National CyberSecurity center – it’s worth taking a look at the current state of cybersecurity in governments and what gaps need to be filled. With the Minister of State for Culture and the Digital Economy Ed Vaizey stating that 80% of cyber attacks could be prevented if cybersecurity basics were in place, it’s clear why the UK sees the cybersecurity threat as a “tier one” priority.
As more and more parts of governance move online, the need for companies and governments to become aware of the cybersecurity threat has never been clearer. Because government agencies often hold private data about their citizens, the responsibility to adequately protect that data is paramount. Ignorance or negligence is simply no longer an excuse when citizens are relying on and trusting you with their personal information, and there have simply been too many examples of citizens entrusting their data to offices with shoddy or ineffectual security frameworks.
There are two main courses of action when it comes to preventing cyber attacks in the public sector. The first is making sure the right infrastructure is in place to protect systems from things like brute force attacks. But the second, perhaps more challenging, task is educating employees to be hyper-vigilant to risk factors such as so-called phishing expeditions, where a seemingly innocuous attachment in an email is a hacker’s way into an internal system. This tactic has become a favorite of hackers because it only requires one weak link in a chain of thousands of employees, so widespread training is key. Addressing this requires culture change throughout organizations, which is not a quick fix but rather a holistic, ongoing, and ground-up approach.
In the United States, last year’s major data breach at the Office of Personnel Management—which targeted the personal records of a staggering 18 million people—was a major wake-up call for public sector institutions in the US. IT trade publication GCN recently quoted Major General Sarah Zabel, the vice director of the Defense Information Systems Agency, who was speaking about what measures had been taken since that major vulnerability was exploited:
“We have an exercise once a week. When people log in, a menu comes up that asks a cybersecurity question,” Zabel said. “We hit phishing hard, but we also hit other topics. It’s a constant reminder telling people that they’re on a mission system. They have to protect it by being alert and being aware.”
While internal culture change is undoubtedly key, top-down policy matters as well. At the federal level, President Obama has shown signs of taking the threat more seriously, recently appointing tech insiders from Microsoft and Uber to sit on the Commission on Enhancing National Cybersecurity, which is part of the president’s larger overhaul of US tech policy, or the Cybersecurity National Action Plan. According to TechCrunch, “The commission is advisory only, making both short- and long-term recommendations on cybersecurity, public safety, privacy and partnerships between the various appendages of the government.”
The past ten years have seen governments act relatively slowly to ramp up their cybersecurity frameworks. But now, with global leaders like the UK and US stepping up to the plate, let’s hope that the next decade will usher in increased reforms and stronger frameworks.