I was surprised to discover proof that my business is a target of cyber-criminals. After installing some security and reporting tools on my websites, I was alerted to the almost constant state of attack that they were under. And all I am doing is writing a cybersecurity blog. And you, dear reader, what of your business? There is a good chance that you are too, but simply don’t know it because your business does not have the reporting tools to alert you to the threat.
Well, when you are a government you are certainly under constant attack from other nation states, terrorists, cyber-criminal groups, and hacktivists. This year the U.S. government has seen a string of breaches, little and large, including:
- Office of Personnel Management
- US Postal Service
- Internal Revenue Service
- US State Department
- DOD and Joint Chiefs
- President Obama’s email
- Hillary Clinton’s private email
- CIA Director John Brennan’s AOL email account
The US government has over 4 million employees (including armed services members), and is comprised of thousands of departments, each with its own network, budget, and IT staff. Security has been sub-par for a long time, and since cybersecurity isn’t sexy and won’t get you any votes, it has been woefully underfunded.
On October 30th, the White House released information about their new Cybersecurity Strategy Implementation Plan (CSIP).
“The CSIP focuses on strengthening Federal civilian cybersecurity through the following five objectives:
- Prioritized Identification and Protection of high-value assets and information;
- Timely Detection of and Rapid Response to cyber incidents;
- Rapid Recovery from incidents when they occur and Accelerated Adoption of lessons learned from the Sprint assessment;
- Recruitment and Retention of the most highly-qualified Cybersecurity Workforce talent the Federal Government can bring to bear; and
- Efficient and Effective Acquisition and Deployment of Existing and Emerging Technology.”
This is good news, even if it is a bit of locking the barn door after the horse is stolen.
For a small business that is looking to up their own cybersecurity game, there is a lot to be learned from the CSIP document that would help a small business formulate their own plans. Hey, we all paid for this plan (your tax dollars at work), so there is no shame in putting this strategy to work in our own businesses. Since we just finished up Cybersecurity Awareness Month (October), and we are at year end where plans are made, budgets are drawn, New Year’s resolutions are cast, and perhaps some leftover 2015 budget funds are available, it is a great time to implement a stronger cybersecurity strategy in your business.
- White House: Modernizing Federal Cybersecurity
- Cybersecurity Strategy Implementation Plan (CSIP)
- Sophos – US Unveils New Cybersecurity Plan
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com