GovDefenders Wednesdays | Reduce Your CyberPain: Restrict Data Access to Those with a Need to Know

Over the past few months our “situational awareness” with respect to cybersecurity has been enhanced by events including attacks on the New York Times, Twitter, and Facebook; the release of compelling evidence that much of our “CyberPain” can be traced to foreign, state-sponsored organizations; and the President’s timely Executive Order for Critical Infrastructure Cybersecurity. Have we reached a tipping point?

Cybersecurity Wednesdays | Symantec Identifies & Helps Take Down Global Cyber Crime Operation

Yesterday, Symantec and Microsoft technicians, together with U.S. federal marshals, raided data centers in Manassas, VA and Weehawken, N.J., shutting down servers, preventing users from accessing the internet, and pushing the above message to an estimated one million infected computers. If you were one of those caught in the process, while it may have been inconvenient, you were playing a small part in taking down a very big global cyber crime operation known as the Bamital botnet.

Cybersecurity Lessons from the New York Times Security Breach

The New York Times selected a premier vendor of security products, Symantec Corporation, to provide antivirus software. Recently, they were attacked by hackers originating in China. After the attacks, the Times’ security consultant reported that the antivirus software did not protect the company. I consult for DLT Solutions with some of the most secure government agencies in the U.S. My primary suite of products comes from Symantec. Their security solutions are among the best in the industry. If they had fully deployed and properly utilized Symantec’s anti-virus software in their enterprise, most, if not all, of the attacks could have been prevented.

Mobile Malware is the New PC Malware

In 2004, Cabir became the first mobile-based worm, infecting Symbian-based devices including old Samsung and Nokia models. Although it was developed as a proof-of-concept, within a year Cabir helped spawn mobile malware including the first mobile Trojan (Qdial) and mobile application hack (Skulls). Today, the explosion of smartphones and tablets has spawned an entirely new hacking industry – one that has the potential to bypass your current cybersecurity strategies if you have not included mobile protection.

GovDefenders Wednesdays | Cybersecurity Legislation: Are We There Yet?

The Senate worked throughout last year to gain consensus on a cybersecurity bill. The Cybersecurity Act of 2012 sought to establish a National Cybersecurity Council to be chaired by the Secretary of the Department of Homeland Security. The thrust of this particular legislation would have been to put in place a framework for protection of so-called “critical infrastructure” - power plants, refineries, chemical production installations and similar facilities.

Henry Sienkiewicz: DISA’s Vision for Cybersecurity

Last Friday, I had the privilege of hearing Henry Sienkiewicz, Vice Chief Information Assurance Executive for the Defensive Information Systems Agency (DISA), at a luncheon hosted by the Northern Virginia chapter of the Air Forces Communications and Electronics Association. In his opening remarks, Mr. Sienkiewicz identified three vectors challenging their cybersecurity delivery: budget decreases, strong demand from the services, and how cybersecurity is being conducted to defend and protect the mission. My five key takeaways are the following...

GovDefenders Wednesdays: Cybersecurity Starts at the Bottom of the Totem Pole

One of the most frequently misused quotes references the bottom of the totem pole. Many people associate it with negativity - “I’m stuck at the bottom of the totem pole.” However, the bottom was one of the places you wanted to be because it was one of the most honorable positions. It was those at the bottom whom everyone relied on to hold society up. Cybersecurity is no different. Those at the bottom now must help hold those at the top.

GovDefenders Wednesdays: Software Assurance & SQL Injections

Non-technical readers may be surprised to learn that software defects are the most common root cause of information security vulnerabilities. Whether through poor design, improper coding techniques, inadequate testing, or incorporation of third-party software modules of dubious quality, in many cases the threat vector is baked in before users install the software.