AmTrust Workplace
print   email   Share

An Enterprise-Wide Cybersecurity Plan: A Crucial Step For Protecting Data

In October 2014, online criminals breached the U.S. Department of the Interior and accessed the Office of Personnel Management's databases to steal sensitive personal information on more than 22 million current and former federal employees. The Department did not discover the breach until April 2015.

Recently, the Office of the Inspector General (OIG) of the Interior Department issued a report stating that the organization still has gaps in its cybersecurity. The report found that the incident response program of the Office of the Chief Information Officer (OCIO) was unable to identify "some of the most basic threats from inside the enterprise network." As a result, the organization could not address threats quickly, which left their systems vulnerable for months at a time.

For example, the OIG investigation found that a U.S. Geological Survey (USGS) employee exposed his organization to malware by watching pornography on an agency workstation. The employee's computer was infected with Russian malware that was attempting to communicate with command and control websites in Russia. Jory Heckman "IG: Interior Dept. computer infected with malware after employee surfed porn sites," federalnewsradio.com (Apr. 09, 2018). 


Commentary and Checklist

To have effective cybersecurity, organizations must assess and plan for cybersecurity threats on an enterprise-wide level. It is not enough to address threats individually, on an ad hoc basis. Removing malware from a single computer will not be effective at stopping a breach if the malware has already spread to the entire network.

It is important to work with cybersecurity experts to look at your organization’s vulnerabilities and create a plan that addresses them. Because hackers are increasingly focusing on breaching entire networks, organizations must have an enterprise-wide cybersecurity plan in place to stay protected.

The report also found that the OCIO did not have cybersecurity employees actively looking for enterprise-wide cybersecurity threats, but instead relied on automated cyber alert systems. According to the OIG, automated systems are not very accurate, and employees need to analyze alerts, events, and active processes from across the network in order to find hidden cybersecurity threats. Utilize in-house cybersecurity experts so that you can monitor network traffic in real time to spot and address threats as quickly as possible.

Another problem that the report found was that the OCIO would patch malware-infected computers and start using them again right away. The OGI recommended removing infected computers from the network and conducting a thorough cyberthreat analysis on them before putting them back into use.

Enterprise-wide cybersecurity plans may take years to implement, and employing a cybersecurity team is costly. However, it is far better to do so and achieve greater cybersecurity in the future, than to try to avoid the cost and time only to face an even more costly and time-consuming data breach.

Finally, your opinion is important to us. Please complete the opinion survey:

Are you a new user?

Register Here

 

Retrieve Password

Recent News

CEO And CFO Fraud Creates Exposures For Boards

The SEC finds two Silicon Valley company officers committed a $700 million fraud. What oversight was missing that led to this enormous fraud? We examine. Read More

Are Your IoT Devices Vulnerable To Attack?

Too often organizations and individuals forget to secure IoT devices, which hackers can breach to access network-connected computers. We examine. Read More

An Enterprise-Wide Cybersecurity Plan: A Crucial Step For Protecting Data

Not having a cybersecurity plan with human oversight left the U.S. Department of the Interior vulnerable to data breaches. We examine what this means for your organization. Read More

Recent Articles

How Managers And Supervisors Can Take Training To A Higher Level Of Effectiveness

A safe workplace depends on trained managers and employees, but a manager's follow-up with employees is the key. Leslie Zieren, Esq. discusses the issue. Read More

ADA, HIPAA, And GINA: Employers And Medical Information

Several laws affect how employers manage employee medical information. Leslie Zieren, Esq. reviews the issue. Read More

Should Employees Require Customers Speak A Language Other Than English? You Make The Call

An employee refuses to speak English to a customer and is fired. Is this right? You make the call and join the conversation. Read More