There was a lot of bad news relating to cybersecurity this year. We had the largest breach ever, involving more than a billion Yahoo user accounts, and the largest distributed denial of service attack, which disrupted business operations nationwide. The most ominous was the alleged international information warfare waged against the U.S. democratic election process. The ability to influence, corrupt, disrupt or usurp the decision-making of an adversary is an extreme advantage that also causes significant long-term damage.
In most cases these attacks were enabled by stealing the user names and passwords of key users through phishing. Armed with these basics, hackers can mine data or analyze email history and use the information to access other systems. (How many of you keep your passwords in email?) Therefore, I recommend three key cybersecurity resolutions:
1. Invest some time to identify the truly important data — for example, finances, family photos — on your computers and devices, and back them up regularly.
2. Run an anti-malware scan on your computer and patch your software frequently.
3. Change the passwords on your critical accounts regularly. Doing this diligently will protect you if any accounts are breached and credentials are sold on the internet black market.
But 2016 wasn’t all bad news for cybersecurity. Artificial intelligence, leveraged to enhance the security on computers, has become mainstream. Firms are utilizing AI to monitor, detect and block anomalous activity before it causes any damage.
In addition, the U.S. government has taken action to formally develop a road map to strengthen cybersecurity in the public and private sectors. In February, President Barack Obama established the Commission on Enhancing National Cybersecurity “to enhance cybersecurity awareness and protections at all levels of government, business, and society, to protect privacy, to ensure public safety and economic and national security, and to empower Americans to take better control of their digital security.”
In December the committee released its report after holding seven public meetings. The report establishes initial public and private industry alignment on what is necessary to strengthen cybersecurity as a nation.
Last, the next generation of cybersecurity experts is now entering the workforce. This generation participated in cybersecurity training programs such as Cyber Patriot, which started in 2009 for high school students; collegiate programs such as the National Cyber League, which was established in 2011; and internships with the National Security Agency and others in the field.
A team of cybersecurity students from the University of Hawaii West Oahu and Honolulu Community College placed second in the 2016 National Collegiate Cyber Defense Competition and was the first Hawaii team to win the National Cyber League competition. Hawaii organizations can hire these future professionals and help strengthen the cybersecurity posture of local businesses and government agencies.
Incidents in 2016 shined a spotlight on our nation’s cybersecurity challenges. We realized that cybersecurity attacks can range from causing nuisance to shaking the pillars of our society. As a result, we as a nation are converging on consensus about the importance of addressing cybersecurity problems head-on and the means to do so through public-private partnerships.
As a local professional, I’m proud to see the initiatives to produce a cybersecurity workforce now bearing fruit and continuing to grow. Technology is improving, and there’s more awareness of cyber risks today compared with three years ago. The issue of cybersecurity has reached critical mass, and we can look forward to progress toward national improvement in 2017.
Michael Miranda, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) and is a Systems and Network Auditor (GSNA), Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at michael.miranda@hawaiiantel.com.
