Alliance campaigns against cybersecurity complacency

A public-private partnership kicked off the fifth annual National Cybersecurity Awareness Month on Thursday morning with a sobering statistic from a recent survey: only 42 percent of home computers have firewalls installed and enabled.

Comment on this article in The Forum.The survey of 3,000 Americans by the National Cybersecurity Alliance found a disparity between perceived security measures and actual protections. Eighty-one percent of respondents claimed to have installed a firewall, but manual scans of computers showed that only 58 percent actually had the software installed, enabled and up to date. Similarly, 75 percent thought they had anti-spam software installed, but only 42 actually had updated versions.

In addition, nearly 50 percent of those canvassed didn't know how to determine whether a Web site was safe, and the same percentage had difficulty separating high- from low-risk Web sites in search results.

"The next step is to make [cybersecurity] a priority," said Greg Garcia, assistant secretary of the Homeland Security Department's Office of Cybersecurity and Telecommunication. "There's no room for complacency; there's no excuse for ignorance."

Homeland Security will continue efforts to enhance cyberattack detection and response, strengthen systems and network protection at federal agencies, encourage sharing of information across public and private sector entities, develop tools to prevent attacks and promote research to stay ahead of the latest threats, Garcia said.

"I can say that [federal systems] are secure and will get more secure moving forward," he said.

So far in 2008, agencies have reported 71,000 security incidents to the U.S. Computer Emergency Readiness Team, which analyzes cyber threats and disseminates warning information. That's compared to 63,000 cyber incidents that were reported during the previous three years combined. The increase is testament to heightened awareness and reporting, rather than a spike in attacks, Garcia said.

"We don't have the luxury of years to bring [people] up to speed" about the latest threats, said Adam Rak, senior director of public affairs at security software vendor Symantec. "We have to beat the drum. … We're never going to solve the problem of [cyber threats], but we can reduce the risk."

Rak emphasized the need for national data breach legislation, which would require the government to notify citizens of any compromise of sensitive information. States have adopted similar rules and federal agencies are required to report incidents to US-CERT, but there is no national law.