Technical Misunderstandings Lead to Problems for EDA
What is being termed by those in the IT world as a massive overreaction by the Department of Commerce's Economic Development Administration to a cyber attack has many people with careers in information technology saying that there needs to be more education about how companies and agencies should react to computer viruses and malware.
According to Federal News Radio, the EDA spent nearly half of its budget last year combating a cyber security issue that could easily have been taken care of. Rather than isolating the potential malware and cleaning up the problem, the EDA removed employee email and website access to the main agency network, leaving its regional offices with no possible way to accessing centrally held databases, ArsTechnica reported.
"There's no need to run away and react extremely when a cyber attack occurs," Venu Ayala, president and CEO of a cybersecurity services firm, told Federal News Radio. "If you have a good infrastructure, if you have the right processes and tools, then you likely are well prepared to handle any cyber attack."
The incident cost taxpayers an estimated $2.7 million, and stemmed from an initial inaccurate analysis of the extent of the infection, according to Federal News Radio. When the improper analysis was corrected, it was not clearly communicated to the EDA's information technology and incident response teams.
While it's important to respond swiftly and efficiently to breaches in cyber security, overacting, as in the case of the EDA, may be just as costly as underreacting. The information technology misstep has many in the IT community buzzing, and has highlighted the importance of effective communication between team members when responding to any sort of cyber security attack.
This article is sponsored by Western Governors University, a nonprofit, accredited, online university. WGU offers bachelor's and master's online degree programs in IT. To find out more, please visit www.wgu.edu/wisecareers_IT