Incentivize Cybersecurity Investment

Abstract

This document will provide a definition for cybersecurity and the importance of implementing various security strategies. It will highlight specific ways in which cybersecurity can impact Americans and their ways of life. It will pinpoint the significance of federal agencies like the Department of Homeland Security (DHS) and their challenges regarding cybersecurity. This process often includes the need for cybersecurity staff to use mitigations that keep cyberattacks from having a negative impact on personal computer users, government and businesses. The research asserts that the United States can play a significant role in helping entities within the country with cybersecurity measures, as well as using open-source information to educate other nations on effective security strategies. As malicious code continues to become more difficult to mitigate, it is important for DHS to use accurate intelligence in order to provide solutions for current and emerging threats. One of the most important security strategies involves backing up data as a countermeasure for cyberattacks and threats to general information security policies. The document uses areas of contemporary American politics to discuss the need to develop more policies that promote security for Presidential candidates and other high-profile individuals. Security policies are recommended throughout the document and serve as resources that other cybersecurity professionals can use as successful options for security policies. It also suggests the need to upgrade cybersecurity policies on a frequent basis in order to defend against current threat agents and those that may arise in the future.

Incentivize Cybersecurity Investment

Cybersecurity is defined as the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this (Lexico, n.d.). Cybersecurity is important because it protects internet-connected systems, including their hardware and software. Cybersecurity has also been implemented in many private and public organizations and business institutions.

“We will protect the American people, the homeland, and American way of life.” This national security strategy begins with the determination to protect the American people, the American way of life, and American interests. Americans have long recognized the benefits of an interconnected world, where information and commerce flow freely. Engaging with the world, however, does not mean the United States should abandon its rights and duties as a sovereign state or compromise its security (Lewik, n.d.). Today, many cybercriminals target smaller companies rather than larger companies. Hackers target small organizations because they are easier to breach. A recent survey by Hiscox found that nearly half of all small businesses have experienced at least one cyberattack in the past year at an average cost of $34,604 to remediate (Liwer, 2019). It is a great idea to start adopting methods to incentivize cybersecurity investment.

The Department of Homeland Security’s (DHS) most recent fiscal year’s strategic plan emphasizes this shift by focusing on highlighting cybersecurity of critical infrastructure as a top priority of their cyber mission (Rosson, Rice, Lopez, & Fass, 2019). Cybersecurity has become an important factor that can determine the failure or success of organizations that strictly rely on information systems. That being the case, investment in cybersecurity is a highly important financial and operational decision.

Cybersecurity investments aim to minimize the loss caused by cyber-attacks. No amount of security investment can completely eliminate the risk presented by cyber threats and vulnerabilities. Security in any arena can only expect to reduce the probability of a loss and the size of a loss through effective risk management. A single sweeping reform that fixes the security issues of an industry cannot exist in cybersecurity. However, improving risk management at individual companies, implemented in an incremental fashion, will create a stronger security posture across the industry in the long term (Rosson, Rice, Lopez, & Fass, 2019).

Nations like the United States need to have their own cybersecurity workforce. The United States wants to protect the integrity of the nation and to guard against damage and unauthorized access. If one attack is made against an organization or nation, it will be harder to mitigate the risk, leading to revenue and monetary loss. It is important to spread awareness of cybersecurity, which can help in reducing the global economic risk.

Today, cyber attackers have advanced technology and have managed to stay one step ahead of those who defend their own infrastructures. Cybersecurity is a strategic decision that can increase the competitive advantage of an organization over potential threats. The importance of this topic has led many organizations to incentivize cybersecurity investment. Tens of millions of Americans have had their credit card or social security numbers stolen in hacking attacks against Target, Home Depot, Sony, JPMorgan Chase, and other corporations. These data breaches represent a growing problem, with losses from online credit card and identity theft in the US totaling nearly $1.7 billion in 2014 (King, 2015). However, companies have little or no interest in investing in cybersecurity. Why? The cost to Target of its hacking in November 2013, in which cybercriminals took forty million credit card numbers, is characteristic: the company spent $252 million afterward investigating the breach, repairing its network, and settling customers’ lawsuits (King, 2015). Some companies may not see it as a necessary investment; nowadays, however, it is highly recommended that companies start investing in cybersecurity.

It is necessary for every type of organization, whether it is a small, medium, or large business, to back up its data so that, if any type of malware strikes, the data won’t be affected. An organization needs to invest in cybersecurity and in preventing attacks of this kind. Hackers are very intelligent, and they are capable of finding a company’s weaknesses. Small companies are usually the easiest targets for cybercriminals. Additionally, while it is necessary for organizations to identify and disclose attacks early and to protect their systems by responding to possible threats, technology helps organizations and people protect themselves from cyberattacks through methods like next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solutions (Colendi, 2018).

Technology has been growing at a very fast pace, and it has reached over 50% of the entire population. That has its benefits and its problems. One of the benefits is that technology is connecting everyone in the world. The problem is that so much private information and so many resources are stored in the cloud that it is very hard to maintain security. Today the hacking community has been growing a lot, since most of the cases are being ghosted due to the demand of people getting hacked. As technology grows, we have to make sure that users’ information is secure. Otherwise, it is like paying for an extension of a building and not taking care of its maintenance. The cyber world has changed our lives, and most people are dependent on it.

In 2016, the presidential candidate Hillary Clinton was a victim of a cyber-attack. This attack came hours after a phone call she had with the current president of the United States, Donald Trump. While the Mueller report did not find evidence that Donald Trump or his campaign knowingly coordinated with Russia to target the computers and data of Hillary Clinton’s campaign during the 2016 US presidential election, the investigation did show that both sides were willing to reap the benefits of each other’s actions (Lemos, 2019).

This cyberattack aimed to steal data and information that could bring Clinton’s reputation and credibility down. It is striking how much power some hackers have because of the weak cybersecurity infrastructure we have. “Although the investigation established that the Russian government perceived it would benefit from a Trump presidency and worked to secure that outcome, and that the Campaign expected it would benefit electorally from information stolen and released through Russian efforts, the investigation did not establish that members of the Trump Campaign conspired or coordinated with the Russian government in its election interference activities,” the report stated (Lemos, 2019).

In 2016 there were a lot of other cyber-attacks aiming to steal important information from the presidential candidates in order to manipulate the elections. Nevertheless, it was confirmed at some point that Donald Trump did not participate in these activities. This means that Russia was attacking the U.S. by manipulating the elections to suit what is better for them.

The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. NCSD is a really big agency that helps the government, military, private sector and intelligence stakeholders to reduce risk assessments and detect threats to technology assets. However, the fact that hackers from Russia were somehow able to manipulate the elections of 2016 means that there is a lot of work we need to do.

In order to detect this threat in the future and reduce risks, I want to implement a policy that will aim to improve our information technology assets and protect important government information. Cyber Guards Policy: (1) Every presidential candidate must have a team dedicated to data protection. (2) Every presidential candidate must educate individuals working on his campaign about cybersecurity principles. (3) Presidential candidates must not share information with third parties. (4) Presidential candidates must use private and secure servers in order to keep their information secure. (5) Presidential candidates must collaborate in preventing these cyber-attacks for the benefit of the country.

This policy aims to have a better infrastructure while candidates are working on their campaigns. Also, it will educate people working on campaigns to avoid tricky traps from hackers and some of the tools they used. The hackers used Mimikatz, a hacking tool used once an intruder is already in a target network, to collect credentials, and two other kinds of malware: X-Agent for taking screenshots and logging keystrokes, and X-Tunnel used to exfiltrate massive amounts of data from the network to servers controlled by the GRU. Mueller’s report found that Unit 26165 used several “middle servers” to act as a buffer between the hacked networks and the GRU’s main operations. Those servers, Mueller said, were hosted in Arizona likely as a way to obfuscate where the attackers were located but also to avoid suspicion or detection (Whittaker, 2019). Meanwhile, another GRU hacking unit, Unit 74455, which helped disseminate and publish hacked and stolen documents, pushed the stolen data out through two fictitious persons. DCLeaks was a website that hosted the hacked material, while Guccifer 2.0 was a hacker-like figure who had a social presence and would engage with reporters. Under pressure from the U.S. government, the two GRU-backed persons were shut down by the social media companies. Later, tens of thousands of hacked files were funneled to and distributed by WikiLeaks (Whittaker, 2019).

We have to upgrade the infrastructure of our clouds, networks, and other information technology assets. In order to start working on this policy, we will first need to educate our people on how to avoid phishing, scams and downloading trojans. This is where we should be aiming in order to improve our cybersecurity network. We can move on to the next steps after this. It is very important that other nations do not have access to information about our candidates, since it will most likely be used for their own benefit.

The practice of cybersecurity has grown a lot in the past decades. The evolution of technology has made so many changes to our lifestyle that we now depend on technology to survive. Computer scientists are always developing new software for different reasons. This software is mostly used to make things easier and faster for us. It is built following security rules that help keep the software running and reduce the risk from hackers. However, as we have discussed before, there are always insecurities in the code that hackers can use to break in.

Big companies spend a lot of money protecting their information technology assets. However, it is not just companies that have to be aware of hackers; important politicians have to be careful not to expose themselves to these attacks. Hillary Clinton was involved in a big scandal in 2016 during her political campaign. This attack came hours after a phone call she had with the current president of the United States, Donald Trump. Our current president was not involved in this attack, but that is how fast hackers can trigger insecurity in the system. While the Mueller report did not find evidence that Donald Trump or his campaign knowingly coordinated with Russia to target the computers and data of Hillary Clinton’s campaign during the 2016 US presidential election, the investigation did show that both sides were willing to reap the benefits of each other’s actions (Lemos, 2019).

The Cyber Guards Policy consists of these steps: (1) Every presidential candidate must have a team dedicated to data protection. (2) Every presidential candidate must educate individuals working on his campaign about cybersecurity principles. (3) Presidential candidates must not share information with third parties. (4) Presidential candidates must use private and secure servers in order to keep their information secure. (5) Presidential candidates must collaborate in preventing these cyber-attacks for the benefit of the country. In developing this policy, we will prepare our people to have a better understanding of how to avoid these attacks.

The way we will start implementing this in political campaigns is: (1) Hiring professional candidates in the data protection field in order to improve our security and have people with expertise in the area working with us. (2) Hiring a consulting tech company to instruct the people who will be working with us in the campaign. In order to be able to work for a political campaign, you must pass any test/exam provided by the tech company. This will assure the political campaign that the people working with them have strong knowledge of the topic. (3) Presidential candidates and people working inside the campaign must sign a contract agreeing to keep confidential information secret. If this section of the policy is not fulfilled, the person who disobeys the policy will be removed from his position and will be prosecuted for his actions. (4) The same tech company hired in section 2 will also work on developing servers in order to keep the information assets secured and private. These servers should not be shared with anyone outside of the political campaign members. (5) Presidential candidates must collaborate with other presidential candidates in order to improve the protection of their assets. This alliance will help improve security and trust between different presidential candidates in their political campaigns.

The benefits of this policy are higher security for information technology assets, reduced risk of media scandals about important information leaked by hackers, and reduced stress for presidential candidates and the people working on their campaigns. The body of the campaign will have a better infrastructure while candidates are working on their campaigns. Also, it will educate people working on campaigns to avoid tricky traps from hackers and some of the tools they used. This includes avoiding scams, phishing and downloading trojans/viruses from the internet.

This policy will have benefits, but it will also have cons that we have to work on so we can minimize cost. The first con that will come up is time: as we know, building a team that will hold all this information and these assets is not easy. It will take a lot of research and time to hire the best candidates for this position, and we will also have to run background checks. This means that we will have to spend more time and money on getting the right people. Another con that we will encounter is resources. In order to build a very strong team, we must also have very strong tools, computers, networks, and other assets in order to maintain a strong cybersecurity system. Lastly, there are the resources we will need to train the people and provide them with the information that they need to keep safe. This may not sound very hard to do, but giving them access to this information can be game-changing for the security of the U.S. information technology assets that presidential campaigns have.

During the implementation of the policy, we might encounter some setbacks. For example, two members of our data protection team do not want to continue the process because of the stress and the high demand on their time. This will push back the process until we find other candidates who can fill these positions. We also have to set a big budget for our security analyst team. This is where most of our budget will go. “Information Security Analysts make a median salary of $84,188, while Network Security Engineers make $110,344 and IT Security Specialists earn $113,532 per year” (Most Lucrative Skills, 2019).

A lot of companies have lost a lot of money and important information, and this has made the area of cybersecurity grow. However, when politics is involved with hacking attacks or actions related to hacking, things do not go well. The political campaign loses credibility, voters, and alliances. This is more delicate, since the information that is leaked in these cases is very sensitive.

Cybersecurity has become more important over the last few decades due to the spread of internet access in the United States and around the world. Technology is a part of protecting the country and impacts people in their everyday lives. The country’s dependency on technology has a direct impact on our quality of life (Radu, 2019). Evolving cybersecurity strategy often includes software developers making new programs that enforce cybersecurity policies through building patches and using security settings. These programs can make personal computers and those used for commerce more secure. When evolving cybersecurity policy, it is important to keep track of the metrics used to measure how well the software works, which will reduce the number of cyberattacks taking place in the United States. Evolving security policy should include the examination and testing of security programs and procedures.

In some cases, implementing cybersecurity strategies could take as much as 80% of a company’s budget, making it the most expensive line item. One significant strategic operation involves protecting politicians and other high-profile people. The fact that people sometimes make mistakes can also have an impact on the ability to provide physical and technical security for such individuals. In addition to famous people, businesses and ordinary citizens also need the same protections from physical and technical exploits. In 2016, there were a number of cyberattacks taking place against the Democratic National Committee offices, state and local offices, politicians and individuals, including through social media campaigns. Presidential candidate Hillary Clinton was exposed to a cyberattack that pointed toward Russian involvement during that time, which is one of the inciting incidents that launched the Mueller investigation to see if those cyberattacks and other areas like espionage were conducted in connection with the current US President or his administration. No collusion was found throughout the two-year investigation. The investigators did identify Russian hackers as being responsible for the cyberattacks and social media propaganda taking place in 2016. Evolving cybersecurity policies will make it more difficult for adversaries to break into networks that manage information during the 2020 election (Marks, 2019).

Here is a solution from an evolving cybersecurity perspective entitled Cyber Guards Policy: (1) those responsible for data management for Presidential candidates and other members of Congress should have the most up-to-date software and hardware for their ongoing security, (2) cybersecurity workers who communicate with and have direct access to Presidential candidates and other important officials should constantly update policies regarding safety based on where he or she is traveling or if they discover a crucial vulnerability that needs to be addressed immediately, (3) in order to assist the Secret Service and other agencies, it remains imperative for cybersecurity professionals to refrain from selling or distributing confidential campaign and security data to other parties, (4) use virtual private networks, encryption and other technologies to make information as secure as possible, (5) using preventative measures will also make candidates safer by disrupting or eliminating threats as soon as possible.

After establishing the Cyber Guards Policy, implementing it from an evolving security policy perspective includes the following: (1) hiring staff with the knowledge and expertise needed to protect their assets both digitally and technically, and encouraging current employees to pursue advanced trainings in order to be more active in operationalization, (2) hiring a third-party cybersecurity firm to run assessments after internal staff has done so, to aid the company in finding areas of strength and weakness and to point it in the right direction of where it should spend its time improving security, (3) signing confidentiality agreements to prevent loss of sensitive campaign data, which is a strong way to protect high-profile personnel, (4) keeping all servers digitally and physically secure and ensuring that communication through their networks is private and secure, (5) this may be unlikely to occur, but if the government could provide a website, intranet or any other service that candidates can submit their data to and that will validate its security, that could be a solution that makes 2020 candidates and their information more secure.

The operationalization of this new policy, in conjunction with a commitment to continuously evolve cybersecurity policies, will benefit the United States in several areas: increasing security for information technology assets, conducting risk assessments, and reducing the possibility of data breaches or damage to company networks. The adoption of continuously improving security policy will increase security for all campaigns, promote staff education on network security, and keep staff away from other threats (for example, by not downloading or sharing inappropriate code and by avoiding non-company links).

Evolving cybersecurity policies have many benefits but also several drawbacks: (1) the amount of money the company has to spend on cyber-related activities, (2) the availability of time, which may not give cybersecurity staff all the space they need to incorporate their new policy changes, (3) having the ability to conduct research on threats before mitigating them, (4) hiring the right candidates with the cyber skills that the company needs, (5) acquiring the best human and technical resources available, (6) using ongoing training for staff on the evolving cybersecurity policies that will cause them to promote security in accordance with the strategic operations.

After studying the development, operationalization and aspects of evolving cybersecurity policy, it becomes apparent why these policies should be there and how they should be updated continuously. The main strategic objective for handling personnel, or in other areas of network security, is to use the resources you have in order to provide the highest level of security possible. The biggest challenge is to do those things within company budgets and resources. Cybersecurity professionals should never lose the company money, but instead cause it to gain security both quantitatively and qualitatively using their available resources. Even though there may be constraints in time and money, it would still be important for cybersecurity workers to inform their staff about the risks and vulnerabilities of their networks. Even if they cannot provide a solution to everything at once, it will give them insight into where to use their resources later.

References

Colendi. (2018, December 4). Biggest Hack Attacks of all Times Marriott, Equifax, Yahoo, and Others. Retrieved from https://medium.com/colendi/biggest-hack-attacks-of-all-times-marriott-equifax-yahoo-and-others-83446d995c9c

Cybersecurity. (n.d.). In Lexico Powered by Oxford Dictionary. Retrieved from https://www.lexico.com/en/definition/cybersecurity

King, J. D. (2015, August). Why Some Companies Don’t Invest in Cybersecurity. Retrieved from https://magazine.columbia.edu/article/why-some-companies-dont-invest-cybersecurity

Lewik. (n.d.). Pillar I – Protect the American People, the Homeland and the American Way of Life. Retrieved from https://www.lewik.org/term/28589/pillar-i-protect-the-american-people-the-homeland-and-the-american-way-of-life/

Rosson, J., Rice, M., Lopez, J., & Fass, D. (2019, May). Incentivizing Cyber Security Investment in the Power Sector Using An Extended Cyber Insurance Framework. Retrieved from https://www.hsaj.org/articles/15082

Lemos, R. (2019, April 19). Russia Hacked Clinton’s Computers Five Hours After Trump’s Call. Retrieved from https://www.darkreading.com/risk/russia-hacked-clintons-computers-five-hours-after-trumps-call/d/d-id/1334484

Whittaker, Z. (2019, April 18). Mueller report sheds new light on how the Russians hacked the DNC and the Clinton campaign. Retrieved from https://techcrunch.com/2019/04/18/mueller-clinton-arizona-hack/

Online Courses. (2019). Retrieved from https://www.onlinecoursereport.com/most-lucrative-skills-should-i-study-machine-learning-data-science-or-cyber-security/

Marks, J. (2019, September 10). The Cybersecurity 202: How state election officials are contributing to weak security in 2020. Retrieved October 17, 2019, from https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2019/09/10/the-cybersecurity-202-how-state-election-officials-are-contributing-to-weak-security-in-2020/5d76a5a9602ff171a5d73505/

Radu, S. (2019, August 15). Which Country Has the Best Digital Quality Life? Retrieved October 17, 2019, from https://www.usnews.com/news/best-countries/articles/2019-08-15/these-are-the-top-countries-for-digital-quality-of-life
