The Business-Technology Weave

Apr 11 2011   11:25AM GMT

Sobering: Cyber Security and Government

David Scott David Scott Profile: David Scott

 

It was so tempting to title this, “Sobering:  Cyber Security and Society”… I do so love alliteration.

 

But no matter – perhaps as follow-up.  But today’s post is driven by some concerning statistics that are rather bothersome.  The number of cyber security incidents affecting Federal Government information is increasing. 

 

Consider:

 

Cyber Security Incidents Affecting Government Information:

 

-         2006 incidents reported:    5,503

-         2008 incidents reported:  16,843

-         2010 incidents reported:  41,776

                                                     

Source:  GAO & Office of Management

 

“Affecting” involves everything and anything:  Exposure, corruption of data, nefarious manipulation of data, introduction of malware, breach, theft, loss, and so forth.  We all face the same sorts of threats and attendant bad outcomes.

 

It’s been awhile since I’ve done work for the Feds, but interestingly, I had occasion to do a little work for a city agency recently – just within these past weeks.  Obligation of Confidentiality prevents me from naming the city, agency, or specific work – and even absent that, I wouldn’t.  However, a rather illuminating incident does highlight what is likely to be a contributor to Federal, State, County and City governments’ challenges, and provides a lesson to us all.

 

An administrative person received a warning e-mail from Target regarding the Epsilon breach.  It appeared that the recently-departed, prior, Admin person had ordered from Target at that particular PC workstation, under generic login credentials (“Admin”), and Target was warning that the admin@xyz.org address, and perhaps other information, might be compromised . 

 

I notified the department’s Director, offering to draft an e-mail of warning regarding the Epsilon breach, and some things to watch for, to avoid, and some general cyber security tips.  A point to the department’s IT Security Policy would have been nice too (if they had one).

 

The Director declined – and because I was there contracting on other matters, I concentrated on those.  But… my gosh:  In 2011, you miss an opportunity to reinforce security awareness and to propagate best practices in a vulnerable environment?  Who can afford that? 

 

No  one.

 

The stats above are hardly surprising.  If you are in a position of influence – whether  government agency or private sector business – anything – never lose an opportunity to reinforce security awareness and best business practices.

 

Always remember this BTW principle: 

 

In the realm of risk, unmanaged possibilities become probabilities.

 

 

On this day:  In 1921, station KDKA broadcast the first radio sporting event:  a boxing match; Ray vs. Dundee. 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: