Amid a worrying trend of cybersecurity incidents that have led to major data breaches or data loss, President Biden has prioritized a tightening of security spanning the public and private sectors. The Executive Order on Improving the Nation’s Cybersecurity (EO 14028, signed May 12, 2021) outlines a coherent plan for improvements to combat an increasingly determined threat to the American people’s security and privacy.
From the Russian state-backed compromise of the Treasury and Commerce Departments, delivered through SolarWinds software and revealed last December, to the ransomware attacks that shut down Colonial Pipeline and extracted an $11 million payment from the world’s largest meat producer, JBS Holdings, it’s a gross understatement to say threats are ever-present.
This new executive order is not just about improving government defenses; it also extends to any organization the federal government contracts with, and especially to vendors that sell software to federal agencies. The hope is that its influence will reach beyond that and serve as an example to all.
Here is a quick look at some of the key concepts in Biden’s order and what organizations can do to fulfill them and improve cybersecurity.
FOSTERING BETTER COLLABORATION
Different organizations, service providers, government departments, and even the agencies charged with investigating incidents often fail to share vital data on emerging threats and ongoing cybersecurity incidents. Whether it’s the result of a general reticence or strict adherence to contractual terms, these barriers make it difficult to effectively deter, investigate, and respond.
Sweeping away some of the regulatory hurdles and crafting a standard format for reporting breaches and sharing intelligence could have a major impact. Cybercriminals and other threat actors share vulnerabilities and trade in exploits, so we must work together to defeat them.
In practice, organizations must recognize when cyber incidents should be reported, understand what information should be shared, and put processes in place to ensure reporting is swift and comprehensive.
CREATING A ZERO-TRUST ARCHITECTURE
Moving to a model that grants no implicit trust based on where a request comes from, inside or outside the network perimeter, is smart. Every request must be authenticated and authorized before access is granted, and that decision should account for the user, the device, and the sensitivity of the resource. For this to work, accurate data classification is crucial. Organizations need a clear picture of the data they hold, where it lives, and who legitimately needs access to it.
Multi-factor authentication (MFA) should be required for access to data and systems, encryption should be the default for data at rest and in transit, and any file transfers must be confined to authenticated, encrypted channels. It’s also worth considering digital rights management (DRM) so that access to a document can be revoked instantly when required, even after it has left your systems.
SECURING THE SOFTWARE SUPPLY CHAIN
As the SolarWinds compromise proved, organizations assume (too confidently) a level of security from major service providers in the supply chain. Government departments and private companies alike were largely unable to prevent, or even detect, a software supply chain attack delivered through a trusted vendor’s signed update. It’s important to perform due diligence on prospective partners and to include provisions in contracts that require suppliers to secure their own development and delivery pipelines.
Maintain a complete, up-to-date inventory of the software you run and where it came from (the order’s software bill of materials, or SBOM, requirement is aimed at exactly this), and log every change to aid auditing and enable accurate reporting. Evaluate critical software to ensure it meets standards for MFA and encryption, but also employ automated tools that verify the integrity of what you deploy against supplier-provided hashes or signatures, check components against known or potential vulnerabilities, and remediate wherever possible.
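To show what automated integrity and vulnerability checks against a bill of materials look like in practice, here is an added example (not code from the original article or from any vendor it mentions). The component names, artifact bytes, hashes, and the advisory list are constructed for illustration; a real deployment would take a CycloneDX or SPDX SBOM from the supplier and advisories from a vulnerability database.

```python
"""Added example: verify shipped artifacts against an SBOM and flag known-vulnerable versions.

The supplier side records a SHA-256 for each artifact in the bill of materials; the
consumer side recomputes hashes over what it actually received, compares them in
constant time, and checks each component's version against an advisory feed.
All data below is constructed for the example.
"""
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed supplier-side artifacts (bytes stand in for the real release files).
GOOD_ARTIFACTS: Dict[str, bytes] = {
    "libparse-1.4.2.tar.gz": b"libparse release 1.4.2",
    "netagent-2.0.9.whl": b"netagent release 2.0.9",
    "cryptowrap-3.1.0.zip": b"cryptowrap release 3.1.0",
}

# (component name, version, artifact filename) as the supplier lists them.
COMPONENTS: List[Tuple[str, str, str]] = [
    ("libparse", "1.4.2", "libparse-1.4.2.tar.gz"),
    ("netagent", "2.0.9", "netagent-2.0.9.whl"),
    ("cryptowrap", "3.1.0", "cryptowrap-3.1.0.zip"),
]

# Constructed consumer-side view: one artifact was modified in transit.
RECEIVED_ARTIFACTS: Dict[str, bytes] = dict(GOOD_ARTIFACTS)
RECEIVED_ARTIFACTS["netagent-2.0.9.whl"] = b"netagent release 2.0.9 + injected payload"

# Constructed advisory feed: a component is affected if its version is below fixed_in.
ADVISORIES: List[dict] = [
    {"id": "ADV-CONSTRUCTED-001", "name": "libparse", "fixed_in": "1.4.3"},   # 1.4.2 affected
    {"id": "ADV-CONSTRUCTED-002", "name": "cryptowrap", "fixed_in": "3.0.0"}, # 3.1.0 already fixed
]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version into a tuple so that 1.10.0 compares greater than 1.9.9."""
    return tuple(int(part) for part in version.split("."))


def make_sbom(components: List[Tuple[str, str, str]], artifacts: Dict[str, bytes]) -> List[dict]:
    """Supplier side: record name, version, filename and SHA-256 of each shipped artifact."""
    return [
        {"name": name, "version": version, "file": filename, "sha256": sha256_hex(artifacts[filename])}
        for name, version, filename in components
    ]


def audit(sbom: List[dict], received: Dict[str, bytes], advisories: List[dict]) -> List[Tuple[str, str, str]]:
    """Consumer side: return (component, finding kind, detail) for every problem found.

    Kinds: "missing" (artifact absent), "integrity" (hash mismatch), "vulnerable" (known advisory).
    """
    findings: List[Tuple[str, str, str]] = []
    for entry in sbom:
        data = received.get(entry["file"])
        if data is None:
            findings.append((entry["name"], "missing", entry["file"]))
            continue
        # Constant-time comparison avoids leaking how many hex digits matched.
        if not hmac.compare_digest(sha256_hex(data), entry["sha256"]):
            findings.append((entry["name"], "integrity", f"hash mismatch for {entry['file']}"))
        for adv in advisories:
            if adv["name"] == entry["name"] and parse_version(entry["version"]) < parse_version(adv["fixed_in"]):
                findings.append(
                    (entry["name"], "vulnerable", f"{entry['version']} < {adv['fixed_in']} ({adv['id']})")
                )
    return findings


def run_demo() -> List[Tuple[str, str, str]]:
    """Build the SBOM from the supplier's artifacts, then audit what was actually received."""
    sbom = make_sbom(COMPONENTS, GOOD_ARTIFACTS)
    return audit(sbom, RECEIVED_ARTIFACTS, ADVISORIES)


if __name__ == "__main__":
    for component, kind, detail in run_demo():
        print(f"{kind:10s} {component}: {detail}")
```

Running it reports an integrity failure for netagent (the tampered file) and a vulnerability finding for libparse 1.4.2, while cryptowrap passes both checks. The hash comparison only tells you the artifact matches what the supplier listed; if the supplier’s build pipeline itself is compromised, as in the SolarWinds case, the listed hash will match the backdoored file, which is why the vulnerability check and the contractual and due-diligence measures above are needed alongside it.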
STANDARDIZING INCIDENT RESPONSE
Having a clear plan for incident response that includes expectations for reporting, investigation and mitigation timelines, and clearly assigned responsibilities is crucial to minimize any potentially damaging impact. Organizations should strive to incorporate relevant NIST guidance, such as NIST SP 800-61 on computer security incident handling. In some cases, the government will specify the procedures and guidelines that define a reasonable response; the order directs a standard playbook for federal agencies.
A clear framework for incident response and a commitment to greater transparency in the aftermath of attacks will allow swift, effective action to nullify threats. Failing to disclose breaches or share relevant data in a timely fashion is already harming defensive efforts, and changing this will benefit everyone involved.
IMPROVING PREVENTION, DETECTION, AND REMEDIATION
We touched on the importance of collecting and maintaining data to aid the investigation and remediation of any issues. Intelligence sharing and transparency in incident response, built upon a zero-trust foundation, will strengthen our collective defense. For prevention, it’s also vital to consider where the greatest risks lie and how incidents usually begin.
Malware frequently gains a foothold through phishing emails and other kinds of social engineering attacks. Security awareness training, followed by regular testing, is a crucial piece of the cybersecurity puzzle and one of the most effective ways to reduce incidents in any organization. Training is also a vital component of any new procedure for reporting and investigating suspicious activity. Ensure employees understand the reasons, and the imperative, behind this type of training.
Anyone working with government or federal agencies must heed this order and plan to make improvements immediately, but all organizations will benefit from prioritizing better cybersecurity. Ultimately, there are so many common underlying structures and connections between business and government that any move to tighten cybersecurity and aid swift investigation will benefit all.
Stu Sjouwerman is the Founder and CEO of KnowBe4 Inc., the world’s largest Security Awareness Training and Simulated Phishing platform.