Cybercrime isn’t limited to just consumers and corporations. Cybercrime affects the government and NGOs as well. In a video interview with TechRepublic’s Dan Patterson, Paul Rosen, former Chief of Staff at the Department of Homeland Security and partner at Crowell & Moring, shares what businesses can learn from the government’s experience and response to cyberthreats.
“At the end of the day, when it comes to cybersecurity, working together is really how we’re going to tackle the challenge,” Rosen said.
SEE: Hiring kit: Data architect (Tech Pro Research)
He discussed how the U.S. government worked with private sectors and foreign governments when dealing with threats. As a way to cut cybersecurity costs, the organizations shared trend information back and forth so that a piece of malware would be successful as few times as possible and quickly get stopped.
Rosen believes there are three elements to dealing with cybersecurity threats: plan, prepare and practice.
Companies need to have a plan already in place so that they don’t have to react on the fly amid a crisis. They can do that by knowing their team’s skill level, how to get the facts about a threat, and who the cybersecurity experts are outside of their organization.
He stressed the importance of practicing incident response plans. When Rosen was at the Department of Homeland Security, they practiced incidents and responses with “everything from hurricanes to cybersecurity attacks.”
Rosen walked through the steps of what happens once the government detects a cyberattack or data breach. The first reaction is to find out what exactly happened and gather as many facts as they can. Then they form a response, mitigate any threat and make sure it doesn’t become active. If it is active, they take the steps to weaken the threat as much as possible.
He noted that working with the private sector along the way was key to combatting a cyberattack.
SEE: Infographic: Almost half of companies say cybersecurity readiness has improved in the past year (Tech Pro Research)
Cybersecurity challenges are not going away anytime soon. In order for companies to stay ahead they need to expect the unexpected. “[Cybersecurity threats] don’t just affect one business, or one state or one country.”
“Everything from patching networks, to encrypting sensitive information to having a plan and practicing a plan–those are just some examples of some steps companies should really be thinking about because this world of global cybersecurity threats is certainly here to stay.”
More security news:
- Cyberweapons are now in play: From US sabotage of a North Korean missile test to hacked emergency sirens in Dallas (TechRepublic)
- Ukraine is a test bed for global cyberattacks that will target major infrastructure (TechRepublic)
- Interview with a hacker: Kapustkiy from New World Hackers (TechRepublic)
- Get ready for the rise of spymail, the hottest trend in email hacking (TechRepublic)
- How to become a master cyber-sleuth (TechRepublic)
- From Russia with Tech: The top 5 most interesting Russian startups (TechRepublic)
- Video: Top 5 ways to track data breaches (TechRepublic)
- Get an inside look at the exploit infrastructure (TechRepublic)
- US government pushed tech firms to hand over source code (ZDNet)
- Microsoft’s new Middle East chief: Why cloud and security are our big focus (ZDNet)
- Meet the shadowy tech brokers that deliver your data to the NSA (ZDNet)
- Security awareness and training policy (Tech Pro Research)
- Employee political activity policy (Tech Pro Research)
- IT consultant code of conduct (Tech Pro Research)