Last month, the White House issued a statement for National Cyber Security Awareness Month, stating that, “Any disruption, corruption, or dysfunction of our vital infrastructure can have a debilitating effect on national and economic security, public health, and our everyday safety.” Yet, there is a constant and persistent threat of malicious cyber attacks in the form of ransomware, phishing, and more that are disrupting hospitals, schools, supply chain suppliers, and small businesses across the U.S.
The threats are increasingly difficult to protect against in the current hybrid work environment. As organizations become more disparate and remote, new risks arise for the public sector workforce. “Some of the biggest threats for remote teams are social engineering, system access authentication, insecure home networks or WiFi networks, and unencrypted file and data storage,” Mike Nagy, Chief Technology Officer for Lyme Technology Solutions, recently told us.
Understanding the risks that small businesses and public sector institutions are facing, the Biden Administration has put into place requirements to ensure that cyber and communications infrastructure are protected. “Earlier this year, I signed an Executive Order to modernize and improve the security of our technology including areas like software security, information sharing, and federal network modernization,” President Biden wrote in a Cyber Security Proclamation. The EO directs agencies to only purchase products from companies that meet strong federal cybersecurity standards, thereby putting pressure on the private sector to raise the bar on their cybersecurity efforts.
According to Nagy and his colleague Justin Gedney, Senior Systems Engineer at Lyme Technology Solutions, this directive will have the greatest impact on small businesses that will need to ensure they’ve met the requirements to “do their part” in today’s tumultuous environment. “Managing cyber threats requires technology and manpower,” stated Gedney. “For small businesses looking to do business with the government, this will be a significant investment to meet compliance with the Executive Order.”
On the flip side, federal agencies are working double time to ensure that they are also in compliance with the new EO, and quickly. Since the order was released, additional memos have been issued on incident response, critical software, and a Zero Trust Architecture strategy draft. Each of these memos outlines how agencies will be held accountable for ensuring a cyber practice is put in place. For example, the Office of Management and Budget has given agencies 60 days to assess how they log cyber incident data as part of the Endpoint Detection and Incident Response model provided. It requires agencies to identify gaps for early detection, outline a mitigation plan for response, and leverage advanced technologies for remediation.
From a proactive perspective, Gedney told us that advanced technologies and practices are needed for a robust federal cybersecurity approach, such as “encryption of data-in-transit and data-at-rest” as well as advanced monitoring tools. Yet, there is no substitute for training and educating end-users, he advised. “End-user training is the most important aspect to combat cyber attacks. If everyone is aware and looking out for threats, the chance of a breach becomes significantly less. Technology is put in place to aid the behavior.”
In the end, for our nation to bolster its cybersecurity efforts, it will require public-private partnerships, collaboration, and all users to “do their part” in adhering to cyber security best practices.