By Tom Scott, SC Cyber Executive Director
This October marks the 14th year that National Cyber Security Awareness Month has been recognized and celebrated. We are fortunate to witness each year a coming together of cyber security professionals and a marked emphasis on spreading the cyber message.
The NCSAM campaign provides the chance to remind the public safety community that since we lead digital and Internet-connected lives, it is our shared responsibility to protect and safeguard our information and data. Indeed, it is believed that the cyber ecosystem will be a primary driver of the economy over the next 20-50 years since it maximizes our ability to grow commerce, communications and community in our connected world.
This yearly emphasis is an opportunity to put out the latest messaging on how to protect yourself, your home, your family and your department. NCSAM reminds us to conduct a periodic review of our systems and our personal habits. Be honest: when was the last time you changed all of your personal and professional passwords? It also reminds us to review current infrastructure, as technology is constantly changing and new cyber threats are emerging.
Cyber risks are ever evolving and it is imperative to change and adapt the messaging to mitigate the changing risks.
Cyberattack recovery – who’s responsible?
Government leaders are on the hot seat and being held accountable for cyberattacks and breaches. It used to be that cyberattacks and the organization’s response were the sole responsibility of the IT department. But, as it has become clear that the consequences of a cyberattack can threaten an enterprise’s very existence, leaders (e.g. chiefs, sheriffs, directors) are now being held more accountable. Leaders must be aware that a serious incident could result in several negative consequences for their enterprise, such as reputational damage or regulatory fines.
Learning from cyber terminology
What we’ve learned is that we must constantly adapt to the changing threats. We have seen various terms used for basically the same idea and concept—protect what is valuable. We protect what is valuable by securing it from loss or theft. In a physical world we use the term security and in an electronic world we use the term security as well.
Specifically, we use terms like information security, data security and network security. In a federal and Department of Defense world, we see the term information assurance used interchangeably with those noted above.
Another change occurred as the words cyber and cybersecurity became part of the common lexicon of daily life.
The transformation has already occurred and it is entirely possible that cybersecurity is already a term of yesterday. The reality is that, with the constantly changing threats and the constant need to create a perfect combination of people, process and technology, we will never be secure any more than we can reduce risk to zero.
Instead, the evolution from cybersecurity to cyber resilience is already occurring in industry, academia and government.
It is no longer the goal to be secure. The new goal is to be able to recover from a cyberattack and to be cyber resilient.
Cybersecurity professionals will tell you it’s a matter of when you are breached, not a matter of if. If that is truly the case, then it will take the entire organization and dedicated employees to implement resilience strategies to ensure survival. For public safety, this is more and more important to ensuring the continuity of providing services to the public.
Everyone must do their part to raise cyber awareness, implement stronger security practices and educate their staff and communities to build a safer digital society that will be resistant to cyberattacks and more resilient when that cyberattack occurs.
About the Author
Thomas Scott is the Executive Director of SC Cyber. With over 25 years of State Government experience in both Florida and South Carolina, Tom has developed a wealth of knowledge and experience in protecting State critical infrastructure and cyber assets. He currently holds certifications in information security, information auditing, security leadership, and project management – he is also recognized as a FEMA Continuity of Operations Planning (COOP) Practitioner.