Amid all the news about the pandemic and the presidential transition in recent weeks, it was easy for many to miss the most significant cybersecurity story in years: the breach of Texas-based network monitoring company SolarWinds. Though ostensibly an attack on a single company, the breach provided an opening for bad actors to access the systems of a slew of U.S. government and private sector organizations.
Experts in the field are alarmed, in part, because we are still learning the full implications of this event and likely will be for months if not years. The public should be concerned, as well, but for reasons that go beyond this one incident. We need to be concerned about the general lack of understanding and preparation for cybersecurity incidents at all levels of government and industry.
There are two important steps we can take to help correct this: Furthering the public’s basic understanding of cybersecurity and bolstering our readiness against future attacks by boosting the talent pipeline in the field.
First, it’s essential for the basic language of cybersecurity to enter our public discourse. We regularly hear about breaches in the news, but what does that really mean? For most, it’s just a headline. Our lights are still on, ATMs are still running, and day-to-day business continues. In order for the public to better understand these incidents, we should all have a greater understanding of the “CIA triad,” which stands for: confidentiality, integrity and availability. These are three areas by which security professionals evaluate threats and vulnerabilities.
Confidentiality refers to keeping data private and secure. Many, if not most, of the cybersecurity incidents in the headlines fall into this category and are typically what we think of as hacks. We’ve become all too accustomed to hearing about such companies as Target, Equifax or Sony being hacked and bad actors gaining access to consumers’ financial information or sensitive company documents.
Integrity refers to the completeness and reliability of an organization’s secure data. It’s one thing to simply access or steal files; it’s another to tamper with them to the point that organizations can’t be sure of their reliability. Having the balance changed in your retirement account is an example of a breach of integrity.
Availability is the third, and in many cases, the most serious component of the CIA triad. Availability means systems and networks are up and running as normal. If they are not – either through an attack such as a distributed denial of service attack or perhaps a ransomware scenario – then the results could be dire. Having your hospital unavailable in a ransomware attack is an example of a breach of availability.
The recent SolarWinds episode was a breach of confidentiality and integrity. The bad actors gained access to the source code for SolarWinds’ flagship product, the Orion Platform, and were able to create a back door, i.e. the integrity. They then used that backdoor access to breach the networks of customers served by SolarWinds, i.e. the confidentiality. SolarWinds is a third-party partner to many of America’s largest private companies and federal government agencies, and it has very high-level access to its customers’ networks. The breach allowed someone – believed to be Russian – to access those organizations’ most secure systems. It was a reconnaissance mission. But we don’t yet know what they were seeking. The potential for integrity and availability issues down the road remains high.
Despite the ongoing threats, most organizations still do not have a robust cybersecurity team. The need for education and growing the profession is already great and only going to grow in the years ahead. We must encourage young people to take an interest in the field. Missouri is far behind the nation when it comes to computer science education at the high school level – only half of our schools teach a foundational computer science course, according to nonprofit Code.org. And the nation as a whole is behind the global community, despite the fact that the Bureau of Labor Statistics predicts a 31% increase in the need for information security analysts in the coming decade.
Technology is evolving by the minute and cybercriminals continue to advance their skills nearly as quickly. The onus is not only on the next generation of cybersecurity defenders to take up the mantle, but also on educators to ensure they’re trained and ready for battle.
Information security issues will only grow as our reliance on technology grows. Our society and educational systems should be ready to understand the threat and train more professionals to meet it head-on.
Shannon McMurtrey is an assistant professor of computer information systems at Drury University’s Breech School of Business. He can be reached at email@example.com.
The local chapter of the National Alliance on Mental Illness moved; the newest clinic for Burrell Behavioral Health opened; and Prickly Cactus Coffee relocated.
Marc Thornsberry, a Senior Engineer at CJW, says he joined the company after working in the public sphere. He says CJW had a ton of experience working with the community, and putting their customer's and clients.
Sandra Smart, a technology and commercialization specialist, shares helpful advice and cautionary tips about the importance of tracking cash flow for new or established businesses. Smart works with tech entrepreneurs and hosts training workshops through the Missouri SBDC at Missouri State University's efactory.
Michael Smith and Chris Sawyer, COO and CEO of Next Level Solutions respectively, discuss how they keep their remote teams and offices in and out of country on the same page. Next Level Solutions was ranked #1 in the Springfield Business Journal's 2021 Dynamic Dozen.
John Oke-Thomas, architect and co-founder of minorities in business, responds to the accusation that minority businesses are only successful because of the priority they have received in lending. He says that if a business uses a loan well, it shows their worth.
Sandra Smart, a technology and commercialization specialist, shares tips for entrepreneurs who are ready to seek funding. Some of her tips apply broadly; some target technology industry businesses. Smart works with tech entrepreneurs and startups, and hosts training workshops through the Missouri SBDC at Missouri State University's efactory.
Hollie Elliott discusses common misconceptions about locating your business in a small town. She says that there are a lot of benefits that people may not consider.
Drawing on his own experience dynamically evolving his company and business model, Jim Meinsen discusses when and how you might need to draw on new technology. Jim and Debbie Meinsen are co-owners of TCI Graphics in Springfield.
John Oke-Thomas, longtime Springfield architect, discusses his philosophy on architecture. He says that future historians will be focused on the sustainability of our contemporary architecture.
Erin Hedlun, director of marketing and communications at Evangel University, says compassion is an important job skill. Hedlun says it is a component of what makes a leader.
Rachel Barks, owner of Artistree Pottery, talks about the concepting that went behind the aesthetic of the business.