Over the past year, cyber and ransomware attacks targeting the nation’s supply chain and critical infrastructure have impacted the economy, national security, and public safety.
Incidents such as the cyberattack on software company SolarWinds, the ransomware attacks on Colonial Pipeline’s computer systems and the meat-processing company JBS, as well as the increase in cyberattacks on healthcare institutions and water treatment plants, are more than cybercrimes. They are national security threats.
Not only are adversaries expanding their capability and sophistication, but they also show an increasing level of “overt arrogance” not seen before, Shawn Henry, Chief Security Officer (CSO) and President of Services at cybersecurity company CrowdStrike, said during a keynote address at the Fal.con for Public Sector conference.
Deputy Attorney General Lisa Monaco expressed a similar sentiment at a cybersecurity roundtable hosted by the Justice Department’s criminal division. Monaco noted that the line between criminal hackers and those backed by countries like China or Russia is blurring, as cybercriminals and nation-state adversaries form alliances of “convenience” and “opportunity.”
“The other thing that has struck me is the sheer brazenness of this activity. There is a brazenness to the tactics and the techniques being used, especially when it comes to ransomware and digital extortion,” Monaco said.
Cybersecurity first and foremost
In today’s digital world, cybersecurity should be at the forefront of everyone’s mind when they connect to devices, networks, and the Internet. October is Cybersecurity Awareness Month, and during this last week of the month the focus is on making security a priority.
Whether your organization is an association, business, government agency, educational institution, or healthcare facility, or you are part of the workforce working from home or your office, cybersecurity should be first and foremost, not an afterthought. According to an article in Associations Now, “Given the data that associations have about their members and the stored data that’s vital to their continuity, associations need to pay attention to ransomware, even if it seems like something that happens to other organizations.”
That is why here at Yes&—and for our clients as well—every month is Cybersecurity Awareness Month. We are doing our part to protect our part of cyberspace. At the same time, Yes& works with leading cybersecurity and technology companies at the forefront of ensuring that our interconnected world is safe and more resilient for everyone.
What does it mean to make security a priority?
For businesses, it means building security into products and processes, according to the National Cybersecurity Alliance, which co-hosts Cybersecurity Awareness Month with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).
Individuals must keep cybersecurity at the forefront of their minds as they connect daily. Before purchasing a device or an online product, folks must research the strength of the security on those devices. When they set up a new device or app, they must learn about the security and privacy settings and update default passwords, according to the National Cybersecurity Alliance.
Plus, all organizations should make cybersecurity training a part of employee onboarding and equip staff with the tools they need to keep their organization safe. Organizations should train employees to recognize common cybercrime and information security risks, including social engineering, online fraud, phishing, and web-browsing risks.
Can all your employees tell the difference between a phishing email and a valid message? Phishing attacks have been on the rise since the COVID pandemic began in 2020. Phishing is a type of cyberattack that uses email, SMS, phone, or social media to entice a victim to share personal information — such as passwords or account numbers — or to download a malicious file that will install on the victim’s computer. As a result, the second week of Cybersecurity Awareness Month stressed the importance of being wary of emails, text messages or chat boxes that come from a stranger or someone you were not expecting.
Are you applying multifactor authentication?
Meanwhile, organizations should be implementing multifactor authentication (MFA), or strong authentication, which adds a layer of security to prove the identity of a user accessing applications, networks, or systems. For example, a person might use a password together with a code sent to their smartphone to log into a network, or a security card and a personal identification number. MFA is a key component to achieving Zero Trust, a cybersecurity concept in which every transaction is verified before access is granted to users and devices.
The government is leading the cyber charge
As part of the President’s Executive Order on “Improving the Nation’s Cybersecurity,” Zero Trust and endpoint detection and response (EDR) solutions are some of the efforts the government is pushing to better identify, deter, protect against, and respond to cyberattacks. It’s a model that any organization can follow.
That said, the federal government recognizes that it cannot fight this battle alone. Protecting the nation from malicious cyber actors requires partnering with the private sector. In fact, we need to move beyond merely a whole-of-government approach to a whole-of-nation approach to cybersecurity because every one of us needs to do our part to make sure that our online lives are kept safe and secure.
Yes& is working with cybersecurity companies at the forefront of efforts to keep the nation’s critical infrastructure and people safe. For these companies and their government and business clients, cyber hygiene, resilience, and vigilance are a 24/7/365 responsibility.