Closing Loopholes: Promoting Cybersecurity Vigilance in the Next Term

January 11, 2017 by Michael Bruemmer

Closing Loopholes

With the election of a new commander-in-chief comes a powerful tide of change and adjustment. Affecting much more than just diplomacy and the interactions of state leaders, presidential leadership decisions ripple across the real and digital worlds. With such a transition occupying the minds of many right now, it’s only natural to explore the potential for implications in cybersecurity as well as threats of cyberwarfare.

Cybersecurity and hacker activity were a dominant theme that provided a raft of headlines throughout this recent election year, including cyberattacks on individuals and company interests that ranged from the Democratic National Committee to allegation of international meddling activity in voter databases in multiple states. Both candidates offered visions of enhanced cyber offensive capability, as well as sharing, in varying degrees of detail, the criteria that would trigger retaliatory action after an attack.

The problem with considering these visions as complete platforms for cybersecurity protection is that they neglect critical vulnerabilities: leaving American interests and infrastructure, as well as the private sector, vulnerable to attack. Just as it’s often said on many sports fields that the best offense is a solid defense, it’s a maxim that rings true when it comes to privacy and security concerns, too.

With a new president about to be sworn in, it’s time for us to continue pressing for initiatives that provide protection to critical infrastructure and industry within the private sector. Helping us institute a resilient defensive cyberstrategy means that those groups will be able to effectively combat any politically motivated attacks in the years to come.

What can groups do in the meantime? Consider standards to adopt that can offer steps to harden existing platforms and mitigate existing cyber risk points. The Department of Commerce’s National Institute of Standards and Technology offers a guide for businesses in any industry to explore their existing approach and audit for vulnerable points of access and breakdowns that can occur in the identification and communication of cyber risk. Reviewing this standard framework allows companies to understand their placement on the protection spectrum and discover the opportunities to improve their practices.

Beyond creating a strong internal defense and response to cyberattack, businesses, industries and the government must work more closely together in the future to share intelligence so that best practices can be updated. Here, organizations can take the first step on their side, by working together and identifying ways to connect productively with law enforcement to promote their shared goals. According to our recent annual preparedness study, 41 percent of businesses were already participating in information-sharing programs with industry peers or the government about data breach activity and response. However, that still means that the majority of businesses haven’t yet connected with networks to grow savvier to recent attack activity. Given the frequency with which businesses are entangled in politically motivated hacking activity, this is a number that we hope will rise dramatically.

As inauguration day approaches, those yet to engage must understand that the cybersecurity threats we have yet faced will continue to grow in frequency, severity and technical ability. Our ability to defend against these threats is far greater when we can work together to craft secure, agile responses to cyberattack.

Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.