By: Janet Wilson
DIS Public Information Coordinator
My agency director gave a keynote speech at a conference on cybersecurity. As the public information officer for the department, I helped him prepare by researching statistics about cyberattacks and data breaches in the public sector.
In doing so, I learned a lot about cybersecurity. Not enough to deliver a keynote speech, but enough to create greater self-awareness of the volume of cyberattacks that take place across the world every day, enough to make me much smarter about my own online security and enough to make me truly appreciate the hard work and effort of our cybersecurity experts at DIS to safeguard state data assets.
Did you know that several hundred thousand cyberattacks occur each day across the globe? Want evidence? Check out a super cool interactive map showing cyberattacks in real time from the point of origin to their destination. It is the Cyberthreat Real-Time Map created by Kaspersky Lab. Governments are an attractive target for hackers because of the sizable volume of personal data they house.
Did you know that multiple layers of defensive mechanisms block 75,000 attacks per day on the DIS-managed state network alone? Did you know that our systems block approximately 400,000 spam emails per day? Did you know DIS monitors all incoming and outgoing traffic across the state network 24/7/365, looking for suspicious cyber activity? We do, and it’s a job that never ends. Think about it. A cyberattacker only has to be successful one time to breach a network and compromise sensitive data. The cybersecurity office at DIS has to be successful every time to prevent it. It is a colossal task critical to the state of Arkansas and its citizens.
Probably the most eye-opening thing I learned about cybersecurity is that only a small percentage of data breaches are the result of outside hackers. The vast majority are caused by employee errors. In most cases, the error is a seemingly harmless act such as falling victim to a phishing email, clicking on a malicious link, using weak passwords or simply not complying with organizational security policies and practices. It could also be leaving a mobile device or laptop in a vulnerable place, improperly disposing of paper records containing sensitive information, or sharing passwords.
Employees are often the first line of defense against breach attempts. The burden of protecting organizations from compromise is shifting from cybersecurity experts to employees at every level. Educating and training employees to be security-minded from the second they’re hired should be of utmost importance to all organizations, both public and private. Employees should know the importance of complying with security policies and practices, know what a phishing email is, how to recognize it, and what action to take if they are targeted. Employees also need to know the possible danger and potential consequences of clicking on suspicious links or files.
Cyberattacks caused by employee errors have resulted in major data breaches in several states. Educating employees with an eye toward preventing data breaches is certainly an ounce of prevention, far less costly than expending possibly tens of millions in public money to remediate the damage after a breach has occurred.