Do you believe that IT security in private enterprise is a national security issue? I do and would love to hear your thoughts. You might want to take a look at the Airport WiFi and Financial District wireless vulnerability studies that AirTight performed recently to see just how badly some organizations are following b est practices when it comes to wireless security.
It appears that in some quarters folks felt that the President did not tell us anything we did not know in his speech on Friday about cyber security. I think we need to understand, however, that the key phrase there is “anything WE did not know.” At times we who work in technology live in a bubble and assume that everyone understands what we understand. But technology or cyber security is our business – it is not the core business of the financial institution, the hospital, the school, the utility etc. Sure most of these institutions have hired IT folks to run their networks, but they have also given them budgets which frequently have them making hard choices. The sheer number of reported breaches should give us a clue about those hard choices or how important it is to continue to educate employees, even those in technology about best practices and what solutions are available to manage security policy.
Naturally since AirTight provides wireless intrusion prevention, I was gratified to hear the President mention the wireless which is all around us. As wireless swiftly becomes the platform of choice for mobile employees and their companies to provide 24/7 access and efficiency, it is also becoming the vector of choice for attacks. But since Mr. Obama also said that he does not intend to legislate IT security to private enterprise, it is encumbant on the enterprise to police itself since it is a great deal more than just government entities which are at risk – our financial, utility infrastructure and health systems for example are as well.
Just think what would happen if organized cyber criminals could bring down our banks, even one at a time. (Well maybe that is not a good example since they seem to have brought themselves down.) Or could they shut down air control systems or maybe just shut off the runway lights.
What do you think is the best way for organizations to protect themselves from cyber threats.