Threats and opportunities growing in cybersecurity: industry perspective.

• Author: Larkins, Tim

The federal government will spend about $10 billion on cybersecurity in fiscal year 2013. That number could grow to $13 billion in fiscal year 2014. For most federal agencies, cybersecurity is one hot-button issue that will not soon disappear. Determining what to defend against will play a large role in how much money the government must allocate toward cybersecurity.

Until recently, most government organizations have focused on manual and periodic monitoring and reporting for security management. This strategy was primarily driven by the Federal Information Security Management Act (FISMA), which had limited effectiveness in securing data despite the expense and efforts. Recent regulations now require federal agencies to implement continuous monitoring of their network operations. Periodic reports and certifications are not only expensive, but most evidence suggests that they do not improve an organization's security posture.

[ILLUSTRATION OMITTED]

Investing in continuous monitoring is an important step for government organizations, as hackers and hostile nations pose an increasing threat to the integrity of the United States' critical infrastructure.

An emerging concern for government is the use of mobile devices and applications. "Bring your own device" strategies that have been implemented in various institutions have led to increased productivity but can also lead to increased security vulnerabilities.

As the use of mobile devices and the purchase of mobile applications grow in the coming years, hackers will alter apps that are considered safe and retool them with malicious code so unsuspecting users download them without hesitation. Additionally, malware authors have developed viruses and programs that can automatically purchase applications from an app store without the user's permission or knowledge.

Botnets are another threat to government and corporate networks. A botnet is a computer that has been breathed by a third party and is monitored and controlled from a remote location. An employee's personal computer or laptop at work could be a botnet without him or her even knowing it. Most organizations with mature cybersecurity protocols can easily identify a botnet on their networks, and can quickly disable it and recover any lost data. However, "botmasters" will become more persistent and sophisticated, and will develop new techniques to reestablish control of botnets and continue to infect networks even after they are disabled.

...