But they may not have that luxury any longer – not since the federal government and the White House, specifically, have escalated their focus on cybersecurity.
First, President Barack Obama addressed the issue during his State of the Union address earlier this month, declaring, “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids.”
To back up his comments, the president also submitted a budget proposal that allocates funding toward combating cyberattacks. In the initial proposal, the president called for cybersecurity spending to increase by 10 percent to $14 billion – all in an effort to improve detection of and response to the kinds of massive attacks that have plagued both the public and private sector over the last year.
Specifically, the budget proposal calls for:
- Improved data sharing
- Increased monitoring and diagnostics of federal computer networks
- More widespread deployment of the EINSTEIN intrusion detection and prevention system
- Government-wide testing and incident-response training
- New teams of engineers and technology consultants
In the White House’s explanation of these budget items, it said, “Cyber threats targeting the private sector, critical infrastructure and the federal government demonstrate that no sector, network or system is immune to infiltration by those seeking to steal commercial or government secrets and property or perpetrate malicious and disruptive activity.”
The cybersecurity community has largely lauded the budget and the government’s increased attention to the issue, and some have pointed out additional ways the public sector could help. Tony Cole, vice president at security firm FireEye, told U.S. News and World Report that he is in favor of a federal data breach notification standard, which he says would “raise awareness about the issue at companies by making it a bigger part of company policy.”
What Cole is suggesting seems similar to the existing government mandates under HIPAA. If healthcare providers suffer a data breach affecting 500 or more patients, they are required to disclose the incident to the Department of Health and Human Services, which tracks breaches on its site. Providers are also required to pay fines, ranging from $100 per violation up to $50,000 when the incident is due to “willful neglect” and is not corrected.
Would such a system work outside of the healthcare industry? At the very least, it would be an additional incentive for private sector technology administrators to get their network security houses in order.
Cole also said he thinks businesses need to allocate more of their own resources toward network security. And he’s right. Technology administrators are more likely to successfully defend their networks when they deploy a suite of different solutions, ranging from VPNs with central management capabilities to firewalls and intrusion-detection systems. In a defense-in-depth model such as this, where all platforms work together as fail-safes, a successful attack is far less likely.
Between these improvements at the business level and the government raising awareness of pervasive threats and the need to combat them, we’ll all be better protected.