Cyber Security Sprint
After a host of high-profile cyber-attacks left people and businesses fearing for their online security, the US government’s Chief Information Officer, Tony Scott, revealed his proposal for a month-long cyber security sprint, which began in June 2015. This plan involved various federal agencies doing all that they could, within a relatively short amount of time, to bolster their online databases and boost their levels of computer security. In order to be properly prepared for any future cyber-attacks, Scott evidently believed that it was important for agencies to act as quickly as possible. Whether or not these agencies have managed to win the cybersecurity sprint remains to be seen, but some big changes have certainly been put into place.
One of the top modifications many agencies have made to their security systems is the introduction of the Einstein 3 Accelerated scanning software, which notifies users of any incoming attacks by constantly searching for signs of cyber breaches. Other vital changes include the patching and updating of various systems, giving every piece of software the best chances to survive any sort of attack. Meanwhile, the regulations behind privileged system users will have been changed in order to prevent hackers from impersonating high-profile users in order to access tightly-guarded information.
Scott’s plan also involves the creation of a Cyber security Sprint Team, charged with reviewing the various security systems and policies that are in use at various agencies. By reviewing these policies, the team will be able to make recommendations for improvements and other future changes. Andy Kicklighter, Director of Product Marketing at Vormetric, a digital security company, has said that these proposals are clearly beneficial but agencies should primarily be focusing on adding extra layers of protection to the most vital data on their systems. He recommends the use of encryption to effectively lock down any sort of access to information that hackers might target. He believes that future cyber breaches are inevitable and so we should focus on protection rather than prevention.
Kicklighter’s colleague and Chief Security Officer, Sol Cates, echoes these sentiments while suggesting that the priority of the cybersecurity sprint should be focused on improving the procedures around privileged user profiles. Cates says that many attacks make use of privileged user allowances to easily access targeted information, and so these users should be more limited in what they are actually allowed to do. In addition, the authentication processes need to be improved to ensure the identities of these privileged users.
The cyber security sprint is evidently a positive idea that should yield some impressive results at various agencies. However, the problems identified by the employees of Vormetric, among others, prove that there is still a long way to go until users can feel more confident about the privacy of their data. The cyber security sprint might be won by focusing on the right priorities, but much more work needs to be done as the information battle continues over the next few years.