[BreachExchange] Training Is the Government's Best Defense Against Cyber Threats

Thu Aug 25 19:54:19 EDT 2016

https://www.td.org/Publications/Blogs/GovLearning-Blog/2016/08/
Training-Is-the-Governments-Best-Defense-Against-Cyber-Threats

I served as the Chief Operating Officer for OPM during what was at the time
the nation’s largest cybersecurity breach. While this period was trying,
the lessons learned were invaluable. A crucial component of every
organization’s cybersecurity strategy is its people. Well-trained employees
are our best defense against emerging cyber threats.

The federal government possesses a tremendous amount of valuable data that
hackers would love to access. Strengthening our networks and securing our
data often involves a push and pull of competing priorities. On one hand,
there’s a desire to keep systems open in order to better reach our
customers or to increase integration. On the other hand, we must also be
mindful of security requirements that tighten control and access to our
systems. It’s important to understand this interplay in order to secure our
systems without negatively impacting or limiting our services.

While network security is critically important, it’s equally important to
have well-trained employees who understand what cyber risks look like and
how to respond. Hackers who seek access to our systems may use a variety of
tactics, including phishing scams, to break through our security protocols.
Continuously training our employees provides one of the best defensive
measures to secure our networks and systems.

Federal agencies are stepping up cybersecurity and IT awareness training
efforts. In the past, an employee would simply complete IT security
training every year—and most employees did not think twice about it. Now,
hackers are more sophisticated; it’s important to bring our training into
the real world so employees can understand what these attacks look like,
and how deceptive a hacker’s tactics may be. By seeing an actual,
real-world hacking tactic, employees will be better able to identify one in
the future.

Agencies can also deploy mock attacks that can help instruct employees
about what to look for and steps they can take. You might be surprised how
easy it is to fail these tests, and how many employees do. As the
cybersecurity landscape continues to develop and evolve, we must ensure
that our workforce is trained and prepared to recognize and respond
accordingly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160825/9b69faed/attachment.html>