Steve Ranger, a member of ZDNet’s global editorial board, writes “Serious security: Three changes that could turn the tide on hackers” in an effort to echo the urgency of initial steps that must be taken to combat the rapidly increase of hacking. One of the shocking things that I learn reading this article is that $75 billion was spent on tech security last year; however, that didn’t prevent many people and organizations to overlook cyber security. For example, Steve state that,” It’s become so bad that it’s already generated a mirthless cliché — that there are only two types of companies: the ones that have been hacked and the ones that don’t yet know they’ve been hacked.”
Especially nowadays, cyber security should not be considered as an afterthought by anyone and Steve offers three suggestions as starting points:
- The general public or consumers should start taking I.T. security more seriously in order for companies to do the same.
- Organizations should design security as a fundamental part of the services for clients rather than a nice-to-have addition.
- It is definitely time for strong encryption to be the standard as opposed to an exception.
You may read the full article via the link below.
http://www.zdnet.com/article/serious-security-three-changes-that-could-turn-the-tide-on-hackers/
Having a month dedicated to cyber security has been a good idea. At work, we have been bombarded with messages regarding Cyber Security national awareness month. I believe the general public is becoming more aware with IT security in general. Organizations need to continue sending messages out so that more people will become interested in security and research the topics themselves.
The important thing that you alluded to Ahmed, is the security culture of the organization or a nation. Even in organizations who provide training to their staffs on a quarterly or annual base, like the military, I find that it’s merely a check in the box. Most people do it because they have to and completion of cyber training, doesn’t mean that they understand the importance and the severity of the impacts that it may have on the organization. I think there’s a major lag between awareness and actual practice. Yes, everybody knows that they are suppose to create strong passwords, don’t click on phishing emails, etc., but do they really do it is the big problem. Yeah, accidents might happen – but it probably didn’t happen because of the lack of awareness.
I believe the business climate enables cyber-security awareness that lacks actual practice. To the non-technical business person, in my experience it seems that cyber attacks remain a somewhat mythical thing, even though news reports continue to surface daily about new hacks. Until the company is actually victimized, many business practitioners feel that making end users aware of phishing schemes and strong passwords are enough to mitigate against attacks. My company has a security awareness campaign, and claim to be cyber “aware”. However I noticed my manager’s computer is still running XP! It seems many company’s are not really putting their money where there mouth is and investing in a legitimate cyber secure infrastructure until they have already been victimized.