By Michael McCartney (firstname.lastname@example.org), President/CEO of DIGITS LLC, in Buffalo, NY.
We have all seen the national news reports lead with the all-too-familiar story of another company being the victim of a cyber attack. Target, Neiman Marcus, eBay, Goodwill, StubHub, and many more have all fallen victim to this alarmingly increasing trend. Of course, these are all name-brand companies that are worthy of national media attention. However, yearly reporting of data breach statistics proves that no one is immune from this risk.
One of the most widely respected annual data breach publications is the Verizon Data Breach Investigative Report (DBIR). The 2014 report is the tenth (10th) annual report, which aggregates data security incidents and breaches from 50 organizations across 95 countries. This allows for trending and a matrix of breach statistics by industry. The report shows that every industry is affected and highlights the motivations behind the attacks. While financial gain is still the highest motivator for most threat actors, espionage is increasing at an alarming rate. The report also shows that no industry is safe from these attacks.
Reference: http://www.verizonenterprise.com/DBIR/2014
At the Annual Meeting in Boston on August 12, 2014, the American Bar Association (ABA) House of Delegates passed a resolution that encourages all private and public sector organizations to develop, implement, and maintain an appropriate cybersecurity program that complies with applicable ethical and legal obligations. The report goes into great detail outlining the severity of this data breach crisis, not only to law firms, but to private industry and our critical infrastructure. The government includes the following industries as critical infrastructure: Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial, Food and Agriculture, Government Facilities, Healthcare and Public Health, Information Technology, Nuclear Reactors, Materials and Waste, Transportation, and Water and Wastewater Systems. The private sector owns about 85% of this infrastructure in the US.
The American Bar Association encourages these organizations to conduct regular risk-based assessments as well as to develop and test an Incident Response Plan for possible cyber attacks, including disclosure of data breaches, notification of affected individuals, and the recovery and restoration of disrupted operations.
Reference: http://www.americanbar.org/content/dam/aba/administrative/house_of_delegates/resolutions/2014_hod_annual_meeting_109.authcheckdam.pdf
In February 2013, President Barack Obama issued Presidential Policy Directive – 21 together with Executive Order 13686, acknowledging the alarming increase in cyber security incidents and calling for the U.S. Department of Commerce to develop a Baseline Framework to Reduce Cyber Risk to Critical Infrastructure. In February 2014, the National Institute of Standards and Technology (NIST) published its Framework for Improving Critical Infrastructure Cybersecurity working paper.
These reports and government initiatives demonstrate a significant trend in awareness around the need to proactively address our cyber security and cyber response readiness. DIGITS LLC offers a full suite of proactive and reactive services to assist companies in confronting these challenges head-on!