
An Enterprise-Wide Cybersecurity Plan: A Crucial Step For Protecting Data

In October 2014, online criminals breached the U.S. Department of the Interior and accessed the Office of Personnel Management's databases to steal sensitive personal information on more than 22 million current and former federal employees. The Department did not discover the breach until April 2015.

Recently, the Office of the Inspector General (OIG) of the Interior Department issued a report stating that the organization still has gaps in its cybersecurity. The report found that the incident response program of the Office of the Chief Information Officer (OCIO) was unable to identify "some of the most basic threats from inside the enterprise network." As a result, the organization could not address threats quickly, which left its systems vulnerable for months at a time.

For example, the OIG investigation found that a U.S. Geological Survey (USGS) employee exposed his organization to malware by watching pornography on an agency workstation. The employee's computer was infected with Russian malware that was attempting to communicate with command and control websites in Russia. (Jory Heckman, "IG: Interior Dept. computer infected with malware after employee surfed porn sites," Apr. 09, 2018.)

Commentary and Checklist

To have effective cybersecurity, organizations must assess and plan for cybersecurity threats on an enterprise-wide level. It is not enough to address threats individually, on an ad hoc basis. Removing malware from a single computer will not be effective at stopping a breach if the malware has already spread to the entire network.

It is important to work with cybersecurity experts to look at your organization’s vulnerabilities and create a plan that addresses them. Because hackers are increasingly focusing on breaching entire networks, organizations must have an enterprise-wide cybersecurity plan in place to stay protected.

The report also found that the OCIO did not have cybersecurity employees actively looking for enterprise-wide cybersecurity threats, but instead relied on automated cyber alert systems. According to the OIG, automated systems are not very accurate, and employees need to analyze alerts, events, and active processes from across the network in order to find hidden cybersecurity threats. Utilize in-house cybersecurity experts so that you can monitor network traffic in real time to spot and address threats as quickly as possible.

Another problem that the report found was that the OCIO would patch malware-infected computers and start using them again right away. The OIG recommended removing infected computers from the network and conducting a thorough cyberthreat analysis on them before putting them back into use.

Enterprise-wide cybersecurity plans may take years to implement, and employing a cybersecurity team is costly. However, it is far better to do so and achieve greater cybersecurity in the future than to try to avoid the cost and time only to face an even more costly and time-consuming data breach.
