For many years, our industry has been discussing the need for updates to critical public electronic communications laws and policies; reductions in corporate liability for intelligence sharing; national data breach legislation to replace the morass of US state laws; and increases in funding for cybersecurity education, research and standards.
There are two milestones that make a transition from conversation and confusion to clear and decisive action so important now. The first is that we’ve reached critical mass in both corporate and consumer understanding and perception of the importance of cybersecurity. While mega breaches are not new, consumers’ inconvenience of swapping credit card numbers has largely been the extent of impact for most Americans in the past and attention has quickly waned. This year, consumers and corporate citizens at all levels experienced multiple breaches that created a saga of compounding and widespread impact—from credit cards, to corporate espionage, to threats of physical terrorism—and sustained attention for months.
The second, more troubling factor is escalation. While some of the nation-state saber-rattling may be just that, the ease with which cybercriminals compromised a significant footprint of the retail and digital advertising sector—and the aggressive and calculated manner in which they compromised and then meted out damage on Sony and other very mature organizations—is a major milestone and also an unsettling indicator of things to come.
It is critical that we begin to disrupt the cyber adversaries and their economic and political incentives. This disruption requires a concerted effort, and the government either can play a modern and effective leadership role or be a passive bystander commenting on the state of affairs. In the State of the Union speech, President Barack Obama will provide a clear indicator of which direction the US government is heading on this issue.
ISACA is seeking to address cybersecurity challenges, including the global skills gap and need for guidance, in 2015 and beyond. With the critical skills gap in cybersecurity and the need for greater industry engagement and peer conversations around security governance, cyber career progression, standards, training curricula and professional certification, ISACA’s Cybersecurity Nexus (CSX) plays a pivotal role in bringing practitioners together worldwide and creating a launchpad for cybersecurity experts and solutions of the future.
Eddie Schwartz, CISA, CISM, president of WhiteOps and chair of ISACA’s Cybersecurity Task Force