President Obama addresses cybersecurity during 2015 State of the Union

State of the Union 2015: The Cybersecurity Factor

During last night’s State of the Union Address, President Obama took a moment to address threats to our cybersecurity and particularly to Boston’s IT firms, asking Congress to pass legislation that could help prevent and combat cyberattacks on our nation, people and businesses. The president has been emphasizing his cybersecurity plan over the past week, which includes policies on data breach notification, credit score access and consumer privacy rights.

The text of the cybersecurity portion of the State of the Union Address is quoted below.

No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyberthreats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyberattacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.

President Barack Obama, State of the Union Address 2015

The president frames hacking threats as a global issue, not unlike terrorism. Because of the way our world has become connected through the internet, persons in foreign countries can mount attacks from right in front of their computer screens. Recently, evidence has pointed to North Korean hackers as being the culprits behind the massive data leak at Sony Pictures, which exposed social security numbers, healthcare information and embarrassing emails of the company’s employees. New things like waste management software and methods like garbage collecting in programming languages are being implemented to help combat cyber crimes.

For as vast as these threats might seem, it is important to remember that individuals can do a lot to protect themselves. Our national cybersecurity is not only a technical and legislative matter, but a human matter. 80% of data breaches start with human error. Managing the risk of human error will be just as important as firewalls and anti-virus software in the years to come.

When it comes to communicating with your customers, their security is a big deal. As new laws come into play and new threats emerge, banks and credit unions can engage their customers by helping them stay safe. This can be an especially effective gateway into a sales conversation.

Your router, that box sitting in a corner of your house giving you internet access, is in many ways more important than your laptop or mobile phone. It might not store any of your personal information directly, but sensitive data passes through it every time you access various online services and can be stolen or manipulated if the router is hacked.

A compromised router can also serve as a platform for attacking other devices on your local network, such as your phone or laptop, or for launching denial-of-service attacks against internet websites. This can get your IP address blacklisted and can slow down your internet speed.

Because it’s exposed directly to the outside world, your router is frequently targeted by automated scans, probes and exploits, even if you don’t see those attacks. And compared to your laptop or phone, your router doesn’t have an antivirus program or other security software to protect it.

Unfortunately, most routers are black boxes and users have little control over their software and configurations, especially when it comes to devices supplied by internet service providers to their customers. That said, there are certain actions that users can take to considerably decrease the likelihood of their routers falling victim to automated attacks.

Many of those actions are quite basic, but others require a bit of technical knowledge and some understanding of networking concepts. For less technical users, it might simply be easier to buy a security-focused router with automatic updates such as the Eero, Google OnHub, Norton Core, Bitdefender Box, or F-Secure Sense. The downside is that those routers are expensive, some require annual subscriptions for certain services, and their level of customization is very limited. Ultimately, their users need to trust the vendors to do the right thing.

If you don’t want to get one of those, or already have a router, follow along for a detailed, step-by-step guide on how to secure it.

Choosing a router

If you prefer getting a cheaper router or modem that you can tweak to your needs, avoid getting one from your ISP. Those devices are typically manufactured in bulk by companies in China and elsewhere and they come with customized firmware that the ISPs might not fully control. This means that security issues can take a very long time to fix and in some cases, they never get patched, with that in hand a very specific selection is needed if you want to keep your devices fully protected, make sure to check more about reliable modems and routers at this Combo Routers Guide.

Whether users can be forced to use a particular modem or router by their ISP varies from country to country. In the US, regulations by the Federal Communications Commission (FCC) are supposed to prevent this, but it can still happen. There are also more subtle device lock-ins where ISPs allow users to install their own devices, but certain services like VoIP will not workwithout an ISP-supplied device.

If customers are drawn to your website for educational and informative cybersecurity content that will help prevent and resolve issues, they can then be exposed to information about your product offerings, we suggest to recommend them the use of VPNs to protect their online privacy. This approach drives traffic and engagement without blaring ads. It puts the customer’s security needs first as a gateway to product purchases.

  • 90% of corporate cyber-attacks involve human error.
  • A new audit tool has been developed to allow auditors to go deeper into the qualitative aspects of these risks.
  • The perception of risk auditing today has shifted from, “did it occur?” to, “did it work?”

It’s no secret. Businesses are becoming far more susceptible to cyber-attacks and the problem is only getting worse. Last week, the FBI released a statement informing homeowners and small businesses that a new Russian malware program has infected over half a million wireless routers in 54 countries. To help defend against cyber-attacks like these, a company may undergo a risk audit to evaluate its cybersecurity in the major areas of prevention, recovery, and business continuity. However, a crucial component of mitigating cyber-risk is often overlooked. People.

Before cyber-attacks became so prevalent, risk audits were relatively simple for businesses to complete. Employees were typically tested on internal control procedures until all questions were answered correctly. For an incorrect answer, an employee would likely be called back by the auditor to review their mistake. In some cases, they could even be asked to retake the entire assessment. That strategy is no longer sufficient.

The Charlton College of Business at UMass Dartmouth has developed a new audit tool that goes deeper into the areas of cyber awareness. After conducting a survey, Associate Professor of MIS at UMass Dartmouth and codeveloper of the audit tool Timothy Shea stated he was, “surprised to find that about 50% of the 1000 participants felt ill-prepared to handle a cyber-breach during the day-to-day operations of their business.” Through a straightforward questionnaire, this new method evaluates the various forms of risk that come along with the combination of business activity and technology. The objective of the tool is to show auditors and executives what information employees retain, as well as the behavioral changes that result.

The audit tool will be licensed both independently and with multiple organizations as apart of a learning package to improve employee cyber training. Were using tools and platforms like to help us fight the good fight.

It is an unpredictable world. According to an IBM study, Nearly 90% of corporate cyberattacks involve human error. Completing an assessment is not enough. Cyber-attacks occur daily. It should be expected of employees to further prove their knowledge and compliance towards mitigating cyber-risk. Only true behavioral change will lead to effective internal control.

If a fire started in the office, anybody’s first thought would be to reach for the nearest extinguisher. That instinctive behavior is what managers must begin to instill in their employees regarding cyber awareness. It is time to stop focusing on whether a risk audit has been completed, but rather, start asking the essential question. Did it work?

Sign up for our latest Cybersecurity Content Marketing Workshop