Security Incidents Become Routine

Introduction

                The discussion will focus on trends identified in the 2021 EDUCAUSE Horizon Report – Information Security Edition. The trend that has been identified and caught this researcher’s interest is that security incidents are becoming routine (Kelly et al., 2021). The examination of this trend will review and consider what forces positively or negatively impact it and the supporting technology.

The Trend

                It is sad to read articles relating to security incidents becoming routine when working in the cybersecurity field. That is akin to waking up and ordering eggs with a side of cyberattacks. Many would say that equates to job security. In many cases, it can, as many institutions have created incident management departments with dedicated management and employees (Kelly et al., 2021). The evidence of this trend comes from a survey completed in 2020 where fifty-four percent of United Kingdom Universities reported a data breach.

Image Captured from Logsign

The Force

                When looking at the industry, the question needs to be raised as to why. Why is are cyber incidents a daily event to the point of it becoming a routine? There could be a discussion on the attacker's psychology and their pathological personality traits of narcissism, Machiavellianism, and psychopathy (Maasberg et al., 2020) that drive them to attack and attempt to damage an organization. There could also be a discussion on ethics and individual responsibility (Robertson, 2017), which can be clouded by self-interest and self-righteousness (Hanson & Ceppos, 2006). That said, there are a plethora of reasons why an incident or an attack could occur. The attacker's psychology and personality are just some examples of potential forces that could impact an organization. Another potential force would be education and experience. An attacker may likely hit the same organization multiple times if they do not get stopped. Even if there is a dedicated team of security professionals, they may not be able to stop or prevent an attack if they were improperly educated, trained on a specific technology, or have not experienced a particular type of attack. In recent years attackers have created more sophisticated strategies and attacks (Kelly et al., 2021). Education and experience extend into building out a technology solution to act as the first line of defense. If technologists or system administrators are unaware of how to properly implement, support, and monitor the health of a given piece of technology, then it is much like the device was not even there.

Conclusion

The discussion focused on trends identified in the 2021 EDUCAUSE Horizon Report – Information Security Edition. The trend identified was that security incidents are becoming routine (Kelly et al., 2021). The examination of this trend reviewed and considered what forces positively or negatively impact it and the supporting technology.

 

References

 

Hanson, K., & Ceppos, J. (2006). The Ethics of Leaks. Markkula Center for Applied Ethics at Santa Clara University. https://www.scu.edu/ethics/focus-areas/journalism-and-media-ethics/resources/the-ethics-of-leaks/

 

Kelly, B., McCormack, M., Reeves, J., Brooks, D. C., O'Brien, J., Corn, M., Faehl, S., Harris, E., Novik, K., Pesino, S., Romness, P., & Sawyer, G. (2021). 2021 EDUCAUSE Horizon Report - Information Security Edition. EDUCAUSE. https://library.educause.edu/resources/2021/2/2021-educause-horizon-report-information-security-edition

 

Maasberg, M., Slyke, C. V., Ellis, S., & Beebe, N. (2020). The dark triad and insider threats in cyber security. Commun. ACM, 63(12), 64–80. https://doi.org/10.1145/3408864

 

Robertson, C. B. (2017). When is a leak ethical? Salon. https://www.salon.com/2017/06/18/when-is-a-leak-ethical_partner/