The United States Department of Homeland Security (DHS) has just announced a new division specifically to handle cyber threats against critical infrastructure. The National Risk Management Center will manage cross-sector responses to cyber-threats against vital US assets like the recently exposed attacks against the US power grid.
DHS Secretary Kirstjen Nielsen describes the National Risk Management Center as part of a new strategy led by the US to “respond more forcefully to threats in cyberspace.” The center is intended to facilitate collaboration between government security agencies and private sector cybersecurity vendors.
"We are facing an urgent, evolving crisis in cyberspace," Secretary Nielsen said at a recent DHS-convened summit. "Our adversaries capabilities are outpacing our stove-piped defences to the point where virtual threats now pose an even bigger threat to national security than physical threats.”
The new threat landscape
The acknowledgement by the US’ peak security agency that cyber threats are now outstripping conventional terrorism in terms of harm-potential reflects the reality the cybersecurity industry is also aware of; cybercrime is a top priority challenge.
Surveys like PwC’s CEO Survey and the WEF Global Risks Report show that cybercrime and data breaches are now a primary concern for corporate leaders. There’s a growing awareness that mundane cybercrime methods like phishing have the potential to wreak havoc and even bankrupt companies.
Research consistently demonstrates that email vectors like phishing and malware payloads are responsible for the majority of damaging cyber-attacks. The revelations of the US DNC hacking indictment in July, which showed that Russian hackers probably used email-based phishing techniques to steal Democratic campaign files, has solidified the reality of cyber-threat in the public domain. Government agencies and business leaders alike are confronting the problem cybersecurity specialists are already tackling: simple email-based attacks have enormous destructive power.
The vast majority of cybercrime attacks - around 90% - are instigated through email, and that’s because email is a simple, inexpensive way to mount a sneak attack.
For businesspeople, top-level action on cybersecurity by agencies like the DHS indicate the reassessment of cyber threats over recent years from background irritation to existential threat.
Effective cybersecurity means stopping email-borne attacks before they enter the perimeter of an organisation. By the time a malicious message is in a staff members inbox, there is already a serious danger of compromise. One person in a company clicking on one link in an email can introduce spyware to a computer network or lead to the breach of confidential data on a massive scale.
Most people don’t know how to discern harmful emails from benign ones, so by the time a data breach is detected it's too late to mitigate harm. Cybersecurity has to be proactive and multi-layered to work, and that starts with keeping malicious email from reaching inboxes where it can impact vulnerable team members.
If you would like to learn more about the complex cybersecurity challenges facing business today, please download the e-book Surviving the Rise of Cybercrime by MailGuard CEO Craig McDonald. This plain English handbook explains the most common threats and provides essential guidance on managing risk.
“Cybercrime is a serious and growing business risk. Building an effective cybersecurity culture within an organisation requires directors and executives to lead by example. Surviving the Rise of Cybercrime is a must-read for directors and executives across business and in government and provides strong foundations for leaders determined to address cyber risk.” - Rob Sloan, Cybersecurity Research Director, Wall Street Journal.
Download your copy of Surviving the Rise of Cybercrime for free, here.