U.S. Government Escalating Efforts to Fight Cybercrime






If you were under the impression that “all is well” with your network security and that your data, financial records and your bank accounts are safe from cybercrime, you may want to rethink that.



According to the U.S. Government's Congressional Findings in the report below, “…Businesses in the United States are bearing enormous losses as a result of criminal cyber-attacks, depriving businesses of hard-earned profits that could be reinvested in further job-producing innovation.”



And the reason you have not heard more about the damaging results of specific cyberheists or cybercrime in general is “…As of 2011, the level of public awareness of cyber security threats is unacceptably low. Only a tiny portion of relevant cyber security information is released to the public…Information about attacks on private systems is ordinarily kept confidential.” - 112th U.S. Congress (April 2011)



This blog post contains the excerpts relevant to private businesses, public companies and other non-governmental bodies (and a link to the original document) from the 112th Congress, “Cyber Security Public Awareness Act of 2011”, as presented to the U.S. Senate.



If you are in charge of network security for your organization, or if you own a business or run any operation that uses the Internet, be advised that it is imperative that you raise the Internet Security Awareness of all personnel who have online access: “79% of all network security failures are due to the human factor…” - (Deloitte and Touche Global Security Survey)



Here are the relevant excerpts from the Congressional Record:



112th CONGRESS



1st Session



S. 813



To promote public awareness of cyber security - IN THE SENATE OF THE UNITED STATES



April 13, 2011



…



SEC. 2. FINDINGS.



(a) Congress finds the following:



(1) Information technology is central to the effectiveness, efficiency, and reliability of the industry and commercial services, Armed Forces and national security systems, and the critical infrastructure of the United States.



(2) Cyber criminals, terrorists, and agents of foreign powers have taken advantage of the connectivity of the United States to inflict substantial damage to the economic and national security interests of the Nation.



(3) The cyber security threat is sophisticated, relentless, and massive, exposing all consumers in the United States to the risk of substantial harm.



(4) Businesses in the United States are bearing enormous losses as a result of criminal cyber attacks, depriving businesses of hard-earned profits that could be reinvested in further job-producing innovation.



(5) Hackers continuously probe the networks of Federal and State agencies, the Armed Forces, and the commercial industrial base of the Armed Forces, and already have caused substantial damage and compromised sensitive and classified information.



(6) Severe cyber security threats will continue, and will likely grow, as the economy of the United States grows more connected, criminals become increasingly sophisticated in efforts to steal from consumers, industries, and businesses in the United States, and terrorists and foreign nations continue to use cyberspace as a means of attack against the national and economic security of the United States.



(7) Public awareness of cyber security threats is essential to cyber security defense. Only a well-informed public and Congress can make the decisions necessary to protect consumers, industries, and the national and economic security of the United States.



(8) As of 2011, the level of public awareness of cyber security threats is unacceptably low. Only a tiny portion of relevant cyber security information is released to the public. Information about attacks on Federal Government systems is usually classified. Information about attacks on private systems is ordinarily kept confidential. Sufficient mechanisms do not exist to provide meaningful threat reports to the public in unclassified and anonymized form.



…



SEC. 6. CYBERCRIME REPORTING TO SHAREHOLDERS.



(1) The extent of financial risk to issuers of securities caused by cyber intrusions or other cybercrimes, and any resulting legal liability; and



(2) Whether current financial statements of issuers transparently reflect the risk described in paragraph (1) to shareholders.



…



SEC. 10. IMPEDIMENTS TO PUBLIC AWARENESS.



(1) legal or other impediments to appropriate public awareness of--



(A) the nature of, methods of propagation of, and damage caused by common cyber security threats such as computer viruses, phishing techniques, and malware;



(B) the minimal standards of computer security necessary for responsible Internet use; and



(C) the availability of commercial off the shelf technology that allows consumers to meet such levels of computer security;



(2) a summary of the plans of the Secretary of Homeland Security to enhance public awareness of common cyber security threats, including a description of the metrics used by the Department of Homeland Security for evaluating the efficacy of public awareness campaigns; and



(3) recommendations for congressional actions to address these impediments to appropriate public awareness of common cyber security threats.



Stu Sjouwerman



KnowBe4


