In response to the five-fold increase in cyber attacks since 2009, the US government is establishing the Cyber Threat Intelligence Integration Center, a centralized department that will analyze intelligence and share data about cyber threats.
The CTIIC won't be a group of cyber-crime fighters, but rather a resource that makes it easier for the FBI, Secret Service, and private companies to fight cyber attacks. According to The Wall Street Journal, the CTIIC will work with data collected by other agencies – FBI, CIA, and NSA – and private companies, potentially filling a gap in the country's cyber security intelligence that is currently scattered among various organizations.
What a New Cyber Agency Means for IT Consultants
Perhaps the biggest takeaway from the establishment of the CTIIC is that it shows just how far behind the US government is when it comes to cyber security. Consider the following:
- The amount of malicious web traffic increased in 2014 and now accounts for 29 percent of all web visits, according to CIO Insider.
- 82,000 new strains of malware are invented each day, PCWorld reports.
It's unclear how much preventative cyber attack efforts will make a difference when so many data breaches are caused by human error.
Why the Government Will and Won't Prevent Cyber Attacks
Let's think about data breaches as if they were traffic accidents. While you can take precautions to prevent accidents, you can't predict when or why someone takes their eyes off the road and crashes their car.
Although cyber attacks are initiated by bad guys with malicious code, it's the good guys that often make the mistake that opens the door to a data breach. For instance, an employee may let their attention drift and accidentally open an attachment in a phishing email.
While the government can increase intelligence and data sharing, it can't prevent users and sys admins from making mistakes. The Target, JP Morgan, and Anthem data breaches were all facilitated by phishing attacks, which simply preyed on user error.
So what impact will the CTIIC have? It's hard to say for sure, but it will focus on…
- Sharing data about new attacks.
- Facilitating anti-malware programs with up-to-date signature databases.
With that said, in early 2014, the FBI warned that more POS attacks were coming after the Target data breach, but that didn't stop a number of other retailers from getting hacked.
Cyber Risk Isn't Going Anywhere
While the government may be starting a new high-level agency, IT consultants won't see much of a change – except that clients may be increasingly concerned about their data security.
As we reported in "Boost Your Cyber Security Skills for Bigger Paydays," more companies expect to increase their cyber security budgets, so it makes sense for IT consultants to expand their work to include security consulting.
Cyber security is becoming one of the fastest growing sectors of IT. Even if you don't work in InfoSec, your clients will likely have questions about the security of your IT solutions. To stay on top of their game, IT consultants will have to market their business's security features and may need to seek out additional training and certifications in InfoSec.
To learn more about ways to increase IT sales and expand your cyber security offerings, see our additional posts on IT business development.