Cyber crime is on the rise. In the U.S. alone, McDonalds, Colonial Pipeline, SolarWinds, and JBS Foods were all recently forced to pay millions due to ransomware attacks that compromised their data. Former Cisco Systems CEO John Chambers predicts an onslaught of up to 100,000 ransomware attacks this year alone, which could cost organizations an average of $170,000 USD each.
The absence of cyber security standards contributes to the problem. Almost all organizations invest in security procedures to protect their physical property from intruders. However, the threats to digital property are just as real, with fewer organizations developing adequate protocols to safeguard these assets. It’s not hard to understand why. Cyber security technology is complex and ever-evolving, and so are the threats. Keeping up with these changes is not easy or cheap.
Voluntary Standards Are Not Enough
Despite the growing wave of cyber attacks, the U.S. requires very few of the sixteen most vital industry sectors to meet minimum cyber security requirements. With threats increasing, 86% of the Cybersecurity 202 Network—a panel of more than 100 cybersecurity experts—said that the government should require organizations in “critical industry sectors” to meet minimum cyber security standards, according to a recent survey from the Washington Post.
While officials in the past considered voluntary standards good enough, that attitude is quickly changing. The U.S. government may soon require organizations considered critical to the nation’s interest to follow a defined set of cyber security standards. According to CNBC, a recent memo from the White House warned businesses that “the threats are serious and they are increasing.” The memo highlighted a number of best practices organizations can take to protect themselves from ransomware, including backing up data, systems images, and configurations, as well as regular testing and network segmentation.
“If a company has done proper segmentation, every time the bad guys try to cross a segment you get the opportunity to detect them before they can trigger the malware,” Michael Daniel, president and CEO of the Cyber Threat Alliance, told CNBC. “By employing this practice you make yourself more resilient against having a successful ransomware attack launched against you, and if you do have one you’re usually able to mitigate the damage and recover much more quickly. This is what gives companies a lot more options than believing they have to pay the ransomware.”
A Problem Organizations Must Manage
Because a lack of universal cyber security standards is precisely what criminals are taking advantage of, it’s vital that governments and organizations develop them soon. In the meantime, organizations must grapple with cyber crime on their own. Those with mature cyber security strategies look at it as a threat they must manage rather than a problem to solve after it happens.
“For some risk you employ technology, for some you buy insurance,” Daniel told CNBC. “The point is that a company is actively managing the risk, not just hoping that something bad doesn’t happen to them.”
Practical, Real-World Cyber Security Skills Training: The Cybersecurity Nexus (CSX) Training Platform Brought to You by IEEE
IEEE has partnered with ISACA, an international professional association focused on IT governance, to provide the cloud-based Cybersecurity Nexus (CSX) Training Platform to organizations, adding to our portfolio of training offered to professionals working to keep organizations secure from cyber attacks. Organizations can now provide real-world cyber security training for their IT staff and build real technical skills to help combat real threats.
This unique cloud-based training platform offers 24/7 access to:
Instructional courses and hands-on labs in a sandbox environment that safely replicates the real cyber-threatened world practitioners work in every day, which enables technical teams to build, practice, and test their skills in a live environment
Technical skill set training for any level of experience, from beginner to advanced
An enterprise dashboard to review team training performance with real-time progress tracking
300+ Continuing Professional Education (CPE) skills-based credit hours that can be applied to the CSX-P and other certifications
In addition, the product offers the Cybersecurity Nexus (CSX) Skills Assessment Tool and the CSX Cybersecurity Practitioner (CSX-P) Certification Prep Course and Exam. The CSX-P remains the first and only comprehensive performance certification testing one’s ability to perform globally validated cyber security skills.
Contact an IEEE Account Specialist today to learn how you can help your employees and IT professionals build critical technical cyber security skills.
Train Employees to Create a Security Culture
Join IEEE and ISACA on 22 June 2021 at 1PM ET for a free live session to get an understanding of the current cyber security trends that will help you determine the level of cyber threats to your organization. Learn what it will take to create an effective cyber strategy and security culture within your workforce.
Hum, Thomas. (14 June 2021). Over 65,000 ransomware attacks expected in 2021: former Cisco CEO. Yahoo!finance
Caminiti, Susan. (11 June 2021). Cyber standards are key in battling ransomware attacks. CNBC.
Marks, Joseph. (11 June 2021). The Cybersecurity 202: Our expert network says it’s time for more cybersecurity regulations. Washington Post.