It was so tempting to title this, “Sobering: Cyber Security and Society”… I do so love alliteration.
But no matter – perhaps as a follow-up. Today’s post is driven by some concerning statistics: the number of cyber security incidents affecting Federal Government information is increasing.
Cyber Security Incidents Affecting Government Information:
- 2006 incidents reported: 5,503
- 2008 incidents reported: 16,843
- 2010 incidents reported: 41,776
Source: GAO & Office of Management
“Affecting” involves everything and anything: Exposure, corruption of data, nefarious manipulation of data, introduction of malware, breach, theft, loss, and so forth. We all face the same sorts of threats and attendant bad outcomes.
It’s been a while since I’ve done work for the Feds, but interestingly, I had occasion to do a little work for a city agency recently – just within these past weeks. Obligation of Confidentiality prevents me from naming the city, agency, or specific work – and even absent that, I wouldn’t. However, a rather illuminating incident does highlight what is likely to be a contributor to Federal, State, County and City governments’ challenges, and provides a lesson to us all.
An administrative person received a warning e-mail from Target regarding the Epsilon breach. It appeared that the recently-departed, prior, Admin person had ordered from Target at that particular PC workstation, under generic login credentials (“Admin”), and Target was warning that the firstname.lastname@example.org address, and perhaps other information, might be compromised.
I notified the department’s Director, offering to draft an e-mail of warning regarding the Epsilon breach, and some things to watch for, to avoid, and some general cyber security tips. A pointer to the department’s IT Security Policy would have been nice too (if they had one).
The Director declined – and because I was there contracting on other matters, I concentrated on those. But… my gosh: In 2011, you miss an opportunity to reinforce security awareness and to propagate best practices in a vulnerable environment? Who can afford that?
The stats above are hardly surprising. If you are in a position of influence – whether government agency or private sector business – anything – never lose an opportunity to reinforce security awareness and best business practices.
Always remember this BTW principle:
In the realm of risk, unmanaged possibilities become probabilities.
On this day: In 1921, station KDKA broadcast the first radio sporting event: a boxing match; Ray vs. Dundee.