Amid all the news about the pandemic and the presidential transition in recent weeks, it was easy for many to miss the most significant cybersecurity story in years: the breach of Texas-based network monitoring company SolarWinds. Though ostensibly an attack on a single company, the breach provided an opening for bad actors to access the systems of a slew of U.S. government and private sector organizations.
Experts in the field are alarmed, in part, because we are still learning the full implications of this event and likely will be for months if not years. The public should be concerned, as well, but for reasons that go beyond this one incident. We need to be concerned about the general lack of understanding and preparation for cybersecurity incidents at all levels of government and industry.
There are two important steps we can take to help correct this: Furthering the public’s basic understanding of cybersecurity and bolstering our readiness against future attacks by boosting the talent pipeline in the field.
First, it’s essential for the basic language of cybersecurity to enter our public discourse. We regularly hear about breaches in the news, but what does that really mean? For most, it’s just a headline. Our lights are still on, ATMs are still running, and day-to-day business continues. In order for the public to better understand these incidents, we should all have a greater understanding of the “CIA triad,” which stands for: confidentiality, integrity and availability. These are three areas by which security professionals evaluate threats and vulnerabilities.
Confidentiality refers to keeping data private and secure. Many, if not most, of the cybersecurity incidents in the headlines fall into this category and are typically what we think of as hacks. We’ve become all too accustomed to hearing about such companies as Target, Equifax or Sony being hacked and bad actors gaining access to consumers’ financial information or sensitive company documents.
Integrity refers to the completeness and reliability of an organization’s secure data. It’s one thing to simply access or steal files; it’s another to tamper with them to the point that organizations can’t be sure of their reliability. Having the balance changed in your retirement account is an example of a breach of integrity.
Availability is the third, and in many cases, the most serious component of the CIA triad. Availability means systems and networks are up and running as normal. If they are not – either through an attack such as a distributed denial of service attack or perhaps a ransomware scenario – then the results could be dire. Having your hospital unavailable in a ransomware attack is an example of a breach of availability.
The recent SolarWinds episode was a breach of confidentiality and integrity. The bad actors gained access to the source code for SolarWinds’ flagship product, the Orion Platform, and were able to create a back door, i.e. the integrity. They then used that backdoor access to breach the networks of customers served by SolarWinds, i.e. the confidentiality. SolarWinds is a third-party partner to many of America’s largest private companies and federal government agencies, and it has very high-level access to its customers’ networks. The breach allowed someone – believed to be Russian – to access those organizations’ most secure systems. It was a reconnaissance mission. But we don’t yet know what they were seeking. The potential for integrity and availability issues down the road remains high.
Despite the ongoing threats, most organizations still do not have a robust cybersecurity team. The need for education and growing the profession is already great and only going to grow in the years ahead. We must encourage young people to take an interest in the field. Missouri is far behind the nation when it comes to computer science education at the high school level – only half of our schools teach a foundational computer science course, according to nonprofit Code.org. And the nation as a whole is behind the global community, despite the fact that the Bureau of Labor Statistics predicts a 31% increase in the need for information security analysts in the coming decade.
Technology is evolving by the minute and cybercriminals continue to advance their skills nearly as quickly. The onus is not only on the next generation of cybersecurity defenders to take up the mantle, but also on educators to ensure they’re trained and ready for battle.
Information security issues will only grow as our reliance on technology grows. Our society and educational systems should be ready to understand the threat and train more professionals to meet it head-on.
Shannon McMurtrey is an assistant professor of computer information systems at Drury University’s Breech School of Business. He can be reached at email@example.com.
A health care worker became a first-time business owner; a home baker decided to pursue a longtime dream of starting her own business; and Springfield-based Premier Choice Tax and Accounting Solutions LLC expanded its reach in Greene County.
Aaron Elliott never imagined he would get into medical device or create a self-defense fitness-based business. Now the co-owner of F8 Fitness and Self-Defense at the age of 46, he says Dr. Seuss nailed it on the head with “Oh, The Places You’ll Go.” He says as long as you have the passion for it, you can do anything.
Senior Vice President and Commercial Loan Manager of Arvest Bank Steve Kelly says now is the time to start looking at your financial situation—such as where you can cut back or prepare yourself for economic recovery.
John Lopez, managing member at Old Route 66 Dispensary, talks through the Dispensary’s decisions to manufacture and transport its own goods. Lopez says the ultimate goal is to cut the cost of their product by around 30-50%. John Lopez is a Springfield Business Journal 2020 12 People You Need to Know.
The COVID-19 pandemic has had a variety of impacts on the labor force, with some businesses doing well and others taking a hit. Elizabeth Hurts, business development manager at HR Advantage, says as much as we look forward to moving on, the effects of the pandemic aren’t over.
Mackenzie Scherer, small business technology consultant and owner of Mackenzie Scherer, LLC, discusses how scheduling software can help you keep ahead of your to-do list. Technology like chatbots and email templates...
Molly McCleary, owner and farmer of Maypop Flower Farm, says she’s seen edible flowers used many ways in different areas of the country. McCleary was initially contacted by several bakers, but says …
Carley Joy, sales and marketing director of SafeSpace Company says she and her father, CEO Rick Williams, have an honest and open communication style. Williams says the key is never to take things …
Brad Noble, co-founder of Art of Everyone, says art is the one thing that remains open to expression. He says art goes beyond the activity and helps build connections between people. Springfield …
Carol Taylor, former president of Evangel University, tells features editor Christine Temple about the new challenges she faced leading students, staff and faculty through a year of learning in a …
Michelle Romero, owner of PKD Venue, says because of her busy schedule, using social media has helped her marketing efforts. Incorporating your journey, including struggles as well as victories, can …