What is the overview of cyber security near misses? In cybersecurity, it means events that had the potential of becoming an incident. In this article, the authors report on a few cyber security near misses to raise awareness in the field of cyber security.
Overview of Cyber Security Near Misses
Cybersecurity is the risk management of IT systems and the necessary actions taken. It is to protect information from unauthorized access or attacks.
A cybersecurity near-miss describes an event that, if confirmed, could have led to a serious incident, but did not. Also known as a “near-miss” it can be described as a failure that could have led to a significant incident if not prevented.
An example of a cybersecurity near-miss would be the attempted breach of security by an employee who became disgruntled and attempted to steal data or disrupt operations.
Cybersecurity Near Misses in Practice
The first reported cybersecurity near-miss was in 1984 when three hackers (in the US) broke into a computer system at the Lawrence Livermore National Laboratory in California.
The hackers defaced the site by posting a message that read: “The only thing we didn’t do is break the ice on the cooling pond.” This was the first reported cybersecurity near miss and foretold the numerous cybersecurity incidents that occurred over the next three decades.
The analyst was able to access the sensitive information by logging into an administrator account in his browser. Also, the analyst was able to do this because he knew how the system worked.
Objectives
Near-misses can be to track and identify weaknesses in an organization’s cyber security program. Also, it is to help the organization to establish a better understanding of the potential consequences of an incident.
The main objective in identifying these events is to determine why they occurred. Also, as to how they might have been prevented.
Near-misses should also be part of an organization’s internal audit program. Also, reporting on these events should be in the annual report.
It is to promote a culture of security throughout the organization. Also, it is to build confidence in the organization’s ability to manage its cyber security incidents.
Industry
Many organizations have been as a result of a near-miss situation or an employee making an error. Some examples are as follows:
A hospital had a near-miss with a hacker gaining access to an information system that contained patient data. The hacker wasn’t able to access the patient records but was able to view the schedule for the entire hospital for a week and was able to access other sensitive information.
An employee made a near-miss by connecting his laptop to his employer’s network without the required security settings.
He downloaded over 100 gigabytes of data from his company’s network. Also, he was unaware that doing so would have caused a malware infection on the network.
Conclusion
In conclusion, cybersecurity near misses is an important part of a comprehensive cyber security program. It is to ensure that the organization’s cyber security personnel are aware of their responsibilities and the importance of their role within the organization. Also, it is to build confidence.