September 10, 2012, 1:10 PM — Cybersecurity events make splashy news headlines, with damages from data breaches running in the millions of dollars and the spectre of attacks on government agencies and critical infrastructure looming large. Here's what you need to know about cybersecurity and cyber threats.
What is cybersecurity?
How much does the typical data breach cost a company?
What's the best security certification to have on a resume?
What are some common security exploits?
Is the U.S. prepared for cyber threats?
What is the U.S. government doing about cybersecurity?
What are some good resources for finding cybersecurity help?
"ICS-CERT Incident Response Summary Report, 2009-2001," ICS-CERT
"Second Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies," Ponemon Institute
"Rise Is Seen in Cyberattacks Targeting U.S. Infrastructure," The New York Times
The term cybersecurity is broadly applied to prevention of and preparedness for attacks on networks and computers, including data breaches, hacking attacks, phishing and social engineering, as well as threats to critical infrastructure. Typically the term is used when referring to threats on a national or international scale, or attacks on government agencies, or when losses reach into the millions of dollars.
According to the Ponemon Institute's 2011 Cost of Data Breach Study, the average cost of a data breach was $5.5 million. This breaks down to a cost per compromised record of $194. The silver lining is that data breach costs actually went down in 2011 for the first time, which signals that companies are getting "better at managing the costs incurred to respond and resolve a data breach incident."
Do you know your CSS from your DDOS? The Government Accountability Office (GAO) compiled this handy list of terms and definitions.
The bad news: According to a cybersecurity study from McAfee and Security & Defence Agenda, no country is keeping pace with the "bad guys." Of the 23 countries ranked by the study, Israel, Sweden and Finland came out on top, with 4.5 stars out of five. The U.S. earned 4 stars.
While it's generally agreed that the U.S. is at risk of cyberattack on its critical infrastructure, "no comprehensive cybersecurity legislation has been enacted since 2002." The most recent proposed legislation, the Obama-backed Cybersecurity Act of 2012, was voted down by Congress in August. Senator John McCain said the bill gives too much power to the Department of Homeland Security. Other opponents say it "adds unnecessary government regulations that would get in the way of running businesses efficiently." Meanwhile, Sen. Dianne Feinstein (D-Calif.) has urged President Obama to issue an executive order on cybersecurity. And presidential candidate Mitt Romney's stance on cybersecurity has yet to be articulated.
Related reading: Does a cyber-9/11 loom?
There is no shortage of cybersecurity resources. In fact, there are so many that the GAO has stepped in to help you sort through them to find those that will be the most help to your organization. Here are some of the key groups you should know about.