With the US Senate giving priority to the new cybersecurity bill, a comprehensive piece of legislation that is ‘designed to fortify the nation’s public and private IT systems,’ clichés such as ‘digital Pearl Harbour’ and ‘cyber 9/11’, used extensively throughout the media for the last decade, no longer seem tired and have taken on a much more sinister, serious and real nature.
Janet Napolitano, secretary of the Department of Homeland Security, said that the USA’s infrastructure is currently vulnerable to a targeted cyber attack:
Napolitano is picking up the baton, saying that better cybersecurity legislation is needed and that the United States’ critical infrastructure (utilities, air traffic control, financial systems) is vulnerable to major attacks.
We shouldn’t wait – what can YOU do, NOW?
The legislation, once passed, will strengthen existing cybersecurity laws. But, according to Napolitano, we shouldn’t wait. “We shouldn’t wait until there is a 9/11 in the cyber world. There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage,” said Napolitano in a cybersecurity discussion.
So what can you do, now, to protect your organisation from the threat of serious attack?
Penetration testing of networks and web applications can highlight vulnerabilities before they are exploited and controls can then be put in place. A penetration test involves attacking a network or specific device to discover vulnerabilities. The typical pen test is conducted by an experienced ‘ethical hacker’. A company such as IT Governance can help you with this crucial test of your organisation’s vulnerability – visit their website for penetration testing help and resources.
Cybersecurity Risk Management
A thorough review of the threats and vulnerabilities of your organisation’s assets, compliant with the international standard ISO27001, is now within easy reach using modern software tools, without the manual hassle and spreadsheets from hell. For example, vsRisk™ can help you set up an ISO27001 information security management system (ISMS) by identifying the threats and vulnerabilities to your organisation’s assets and then applying controls to bring the level of risk down to acceptable levels. Find out more information on vsRisk, including a free 15-day trial.
If you’re just at a stage where you require more information, download our Free Cybersecurity White Paper here, which includes a 7-step Cybersecurity strategy every organisation should adopt.