Are you ready for the next cyber attack?

Information Management Journal, Sep/Oct 2003 by Swartz, Nikki

The U.S. Department of Homeland Security recently announced it will establish an office to focus on cyber security. The National Cyber Security Division will "conduct Cyberspace analysis," issue warnings and alerts about online attacks, respond to major Internet attacks, and assist in "national-level recovery efforts."

Part of the division's responsibility will be to coordinate the efforts of several cyber security offices that were folded into the Homeland Security Department this year and now will become part of the new division, including the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System. The division will have three sections: one will identify cyber security risks to the government and coordinate with the private sector on how to minimize them; another will oversee the Cyber Security Tracking, Analysis, and Response Center (CSTARC), which will respond to Internet events, track vulnerabilities, and coordinate with federal, state, and local governments, the private sector, and international security groups; the third will create cyber security education programs.

While the government may be prepared for the next cyber attack, Americans say their offices and co-workers are not. According to a survey by Harris Interactive, two-thirds of employees believe their co-workers are a bigger threat to customer security than hackers. Seventy-four percent of the 500 people interviewed said the security protecting customer data on their companies' networks was secure, very secure, or extremely secure, but 45 percent said it would be easy, very easy, or extremely easy for an employee to steal data from the network.

A survey of 760 people by the Information Technology Association of America and Brainbench found that only 35 percent of Americans believe that their colleagues know what to do and are doing it to protect workplace networks. The rest think their peers are not aware of the issue, don't know what to do about it, or just won't bother. More than half of U.S. workers said their employers do an adequate job providing information about cyber security threats and protection methods, but only 39 percent said their own knowledge of the issue was accrued on the job.