Back to blog

Exploring the Increasing Domestic, International and Transnational Challenges in Cyber Security

Pathlock
April 25, 2016

Exploring the Increasing Domestic, International and Transnational Challenges in Cyber Security

In recent news there have been a number of cybersecurity scares in the corporate sector. US technology firm EBay’s admission that “miscommunications” within the company resulted in an XSSGlobal-cyber-threat vulnerability going unfixed for over a month, leaving customers open to so-called “phishing attacks” wherein customers can be shown a fake but identical copy of the EBay website and tricked into divulging their passwords. The firm has requested that all users change their passwords due to the possibility that they have been compromised. Two warnings have been issued, one by the United States Government and the other by car manufacturer General Motors. The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team has warned industrial manufacturers to bolster their security efforts. This warning comes after an increase in attacks on domestic industrial control systems which are responsible for the automated operation of industrial machinery. Though no catastrophic incidents have yet been reported, such attacks are capable of completely destroying industrial systems as was seen in the 2010 destruction of an Iranian nuclear reactor. General Motors issued a recent statement that they would now be offering so-called “bounties” for information on security vulnerabilities found in their cars. As they move into the self-driving car market, such security is increasingly important. Last year, tech magazine Wired reported on the prevalence of such security flaws and we are pleased to see that firms in all sectors are beginning to take cybersecurity more seriously. As well, two major regulatory changes in cybersecurity are nearly upon us. In the European Union a forthcoming rule-set has been endorsed by the Internal Market Committee. The proposal put forward is to require that firms supplying essential services such as energy, transport, banking, health and cloud-storage meet certain cybersecurity standards. The proposal, in its current state, includes infrastructure upgrades and mandatory breach reporting, but also provides for the creation of a network of Computer Security Incident Response Teams to assist businesses in preventing and investigating cyberattacks. This last provision echoes the Cybersecurity Information Sharing Act which has recently come into effect in the United States. CISA provides corporations with help managing the increasing number of cyberattacks they are experiencing in exchange for access to threat and attack information aggregated by these companies. The hope is that this will allow the US government to bolster its own threat models in addition to deterring cyberattacks by foreign nations against the domestic private sector. All in all, it seems as though the world is finally waking up to the very real problem and the many challenges in cyber security. Though the number of cyber-attacks has risen in recent years (by independent actors and foreign governments alike), new regulations and the watchful eye of Western governments may serve to mitigate the damage they inflict. This does, however, bring increased challenges in regulatory compliance, as well as a need for larger IT security budgets to handle their increased workload. We were dismayed at recent reports that such spending will mostly flat-line in 2016, as the great increases of 2015 did not reach the minimums desired by most IT security professionals: “59 percent feel their organizations aren’t spending enough on security.” Please contact us to learn more about how we can help your business confront the emerging challenges in cyber security.