We need fewer “cyber warriors” and more “cyber healthcare” professionals
Recently read an article titled “New Cyber Command leader pushes for more aggressive cyber defense” – https://govmatters.tv/new-cyber-command-leader-pushes-for-more-aggressive-cyber-defense/
My apologies to US Cyber Command, but I’m not convinced that we need more cyber warriors – our Nation already spends nearly $70,000,000,000 (that’s billions) a year on cyber defense and the bad guys are still kicking our butts, and so jumping higher or pedaling faster on cyber defense is unlikely to help.
Instead I suggest what we really need is a LOT more “cyber healthcare professionals,” a well trained and equipped force to get government and industry to do the proactive and preventive things needed to reduce the risk associated with the seven core issues that enable attacks and breaches; namely stuff like:
- Errant user behaviors – implement environmental factors and system tools to reduce the likelihood that they’ll click on something bad.
- Poor device/application configuration – when’s the last time you validated your routers and firewalls? What about your 3rd party provider applications and devices?
- Weak or default passwords – many devices (and a good chunk of IoT) are still holding default passwords, it’s like leaving your front door wide open.
- Failure to patch applications – most organizations don’t even have a good list of the applications they have; on-premise, hosted, or that users use on the web.
- Vulnerable or buggy software – are you still holding on to that unsupported legacy app that you know is vulnerable? Or haven’t upgraded apps because it’ll cost to do so?
- Lack of, or failure to enforce policy – security policies suck, but we need them to protect our livelihood, private information, and national infrastructure.
- Complacency of executive management – Stop asking; yes, it will happen to you. And no, cyber insurance won’t cover the costs. Invest up front and hold staff accountable.
So while it’s sexy and exciting to be a cyber warrior, chasing hackers across cyber space, the reality is that, like preventive healthcare, r-e-a-l cyber security is grinding on the things that you know need to be done so that you don’t need to go chase the bad guys.
So I suggest we trade some of the BDUs for some scrubs and use some of those cyber defense dollars instead to invest more in a cyber healthcare workorce!
Thanks for reading…r/Chuck