One of the hottest topics in cyberspace is the “Protect Cyberspace as a National Asset Act” (PCNAA), a bill the U.S. Senate is considering that would help strengthen the mechanisms by which government and private industry protect the safety and security of the Internet. According to the article, “Plan cyberwar defenses now, before any attacks succeed,” the flaws in America’s counterterrorism strategy continue to leave our cyber-communications network vulnerable to attacks aimed at breaching our personal privacy, stealing our secrets, and even physically harming us.
While it is good news that Congress is taking proactive steps before things explode, their solution to consolidate power within the government to legally monitor and respond to cyber threats as they occur is no way to get on top of the actual problem. Instead of proactively addressing the situation with a reactive set of solutions, they need to carry these measures through with proactive solutions that prevent the situations in the first place.
As I mentioned in a previous blog about malware that is already resident in a system but is waiting for the opportune time to launch, no matter where these attacks come from, and no matter which ATPs are involved, the vast majority of attacks have to do with malware in some way, shape, or form running on local machines. Even if organizations have taken adequate steps to protect their private networks, they need to make sure the solutions that they put in place prevent any malware from executing, no matter how they enter the system. Plans that deal with attacks after the fact will continue to keep the bad guys one step ahead and in charge.
It’s almost become a cliché to say we need be more proactive, not reactive, in the fight against cyber crime. Unfortunately, this simple message needs to be reinforced because too many companies and organizations continue to operate with a reactive mindset. If we expect to successfully protect our networks from the thousands of new cyber threats, public and private sector organizations need to follow up their proactive security talk with real proactive solutions.
[...] eradicated from the system? With antivirus software, we don’t. As I mentioned in the recent post, “U.S. proactive cybersecurity measures lack proactive solutions,” reactive solutions cannot stop persistent attacks. Unfortunately, this is yet another example of a [...]