“Indeed, as President Obama has said, this cyber threat represents one of the most serious economic and national security challenges we face as a nation.”  Howard Schmidt made this statement in December of 2009, shortly after he was appointed to the newly created positions of special assistant to the President and White House cybersecurity coordinator.

Schmidt was speaking about the advanced, persistent threat against our critical information infrastructure, including cyberthreats against our electrical grid, global supply chain and our military.  In the short nine months since Schmidt’s appointment, the United States government has taken significant action to analyze our weaknesses on a national level and are now taking important steps to set appropriate policies—and shoring up our homeland security.

Here are some examples of strategic policy initiatives that are currently in progress:

•  Cybersecurity is being incorporated into the Obama Administration’s agenda as a key management priority.

• A national public awareness and education campaign is under way to raise awareness and enhance cybersecurity education in our schools.

• A cybersecurity incident response plan is in final draft and was exercised in September 2010.

• A draft cybersecurity-based identity management strategy and vision has been released for public comment.

• A privacy and civil liberties official has been designated to ensure that cybersecurity initiatives are undertaken with greater transparency and with careful attention to privacy and civil liberties.

And some tactical initiatives that are currently in progress:

• Federal civilian networks are being secured.

• The cybersecurity operations centers are being connected.

• A cyber counterintelligence plan is being implemented.

• The classified networks are being secured.

• Efforts are under way to better manage global supply chain risks.

In spite of the impressive progress by policymakers and United States government agencies, cybersecurity in small and medium businesses (SMB) worldwide still poses a significant and ongoing challenge. In June of this year, Symantec Corporation, a global leader in information systems security, released the findings of its 2010 Global SMB Information Protection Survey which indicates that 73 percent of the SMB companies polled were victims of a cyber attack in the past 12 months and that 30 percent of those attacks were deemed somewhat or extremely successful. That’s scary.

The report also indicates that respondents rank data loss and cyber attacks as their top business risks, ahead of traditional criminal activity, natural disasters and terrorism.

Seventy-four percent of SMBs surveyed are somewhat or extremely concerned about losing electronic information. In fact, 42 percent have lost confidential or proprietary information in the past. As a result, all of the companies who have lost data have seen direct losses such as lost revenue, or have suffered other directly related financial costs.

The survey, which is based on the May 2010 responses from 2,152 SMB executives and IT decision makers in 28 countries, clearly shows that small and mid-sized organizations are facing increased risks to their private information. It also revealed another significant data security issue for SMBs: lost or stolen mobile devices. Almost two-thirds of businesses polled have lost devices such as laptops, Smartphones or iPads in the past 12 months. And all of those polled have at least some devices that have no password protection and cannot be remotely wiped of their data to protect their confidential business information if the device is lost or stolen.

Security professionals unanimously agree that information security awareness training is a fundamental component of any cybersecurity protection plan. If you are in a leadership position within your organization, I strongly urge you to raise the awareness of cybersecurity threats in the workplace through targeted employee education and ongoing reinforcement, with an emphasis on ongoing.  Ultimately, we need computer operators to be smart, aware, and to use extreme caution when handling sensitive information or using devices that store that information.

If you are looking for some quick tips on what you can do to protect yourself, please go to the Symantec Education channel on YouTube by following this link: www.youtube.com/user/SymantecEduc#p/u. There you will find a number of short videos that explain what you need to know about risks on the Internet and how to stay safe. The videos are fun and explain the ins and outs of Internet security in an easy-to-remember, nontechnical manner. Topics include pests on your PC, the underground economy, phishing, botnets and several others. These are also great resources for teens and young adults who need to be educated on what to look out for and how to stay safe online.

Since we live in a world where virtually anyone with a computer is susceptible to modern cyber threats, we need to accept the shared responsibility of ensuring that our PCs and networks are secure, trustworthy and resilient. If we continue to make it easy for cyber criminals to steal bank account, credit card and e-mail login credentials, they will continue to profit from it—which in turn funds their ability to develop new and innovative ways to attack us. Please learn as much as you can about this important topic and then take action as soon as possible to improve your cybersecurity posture.

		Jeff Dettloff, CISSP, is the president and chief problem solver for Providence Consulting, a Symantec Technical Assistance Partner and one of Lansing’s leading providers of advanced network infrastructure and innovative technology solutions.