Don’t Be The Next Hacked Company In The News: Why You Need To Go Beyond Traditional Security Controls
Cyberattacks are on everyone’s minds, including America’s leadership. Last month, an executive order was issued on the nation’s cybersecurity. As part of that executive order, we pulled out specific actions that government agencies and private companies will need to do to enhance their cybersecurity efforts.
Develop Cyber Policies and Procedures
These processes must address data, or information technology (IT) and the machinery, or operational technology (OT). This could certainly be a challenge as organizations allow their employees to work from home.
Build a Zero Trust Architecture
A few years ago, threats were often considered outside the company, but as cyber criminals became smarter, it is now important to continuously verify several factors before giving access. There are a few terms to know:
Zero Trust: According to The National Interest, “a strategy of zero trust is based on the need to continuously monitor and validate the presence of every individual, organization, device, and piece of information on a network.” This means that once someone is permitted access, they might have limited access and they must continue to be verified. If they do not pass a verification, access will be removed.
Zero Trust Access (ZTA): ZTA spells out roles of verified users and devices connected to the network. This does not just mean traditional office IT equipment such as computers and printers. This includes any device connected to the network including Internet-of-Things (IoT) – think smart devices such as wearable devices, smart appliances, etc.
Zero Trust Network Access (ZTNA): Think of ZTNA as an enhanced VPN. Access can be granted from anywhere, but it must be continually authorized. ZTNAs are more secure than a traditional VPN because of the level of security. The executive order specifically calls out securing cloud services including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).
Improve Detection of and Response to Cybersecurity Vulnerabilities and Incidents
Even with a zero trust network in place, attacks can still occur. That’s why it’s so important that a system is in place to monitor, detect and respond to cyber threats immediately before any damage is done.
Perhaps you’re wondering where or how Comply to Connect (C2C) fits into this.
The U.S. Department of Defense C2C mandate was enforced to restrict device access from unauthorized users both internally and externally. With the goal to achieve a “zero trust” model, C2C reduces known vulnerabilities by detecting, identifying, characterizing, and deterring anomalous behaviors to secure the configuration of a network and its information resources. In other words, C2C is designed to increase cybersecurity efficiency across the DoD’s current and emerging operational environments.
C2C Is A Critically Important Step Toward Zero Trust
Every year, the Defense Information Systems Agency (DISA) conducts cyber assessments which results in a Command Cyber Readiness Inspection score or CCRI score. A high CCRI score indicates a strong security baseline. When implemented correctly, C2C should increase CCRI scores and mitigate future risks.
However, because cybercrime is constantly evolving, a one-time process is not enough. Organizations should know their CCRI score in real-time and not just after a periodic audit.
That’s why Three Wire Systems has developed tools and processes that provide continuous monitoring and maintenance of CCRI.
Why? Because although you may be in compliance today, that could change tomorrow. Plus, you could have blind spots that will cause damage in the future. In other words, momentary compliance does not equal continuous security.
As part of our cyber baseline evaluation, we’ll illuminate and map your current cyber landscape. What sensors do you have? What information do they provide? How do they share information? Which pieces are missing? What are you protecting and why?
Through this evaluation, we help you thoroughly understand your network. As your partner, we develop a continuous monitoring solution that combines C2C, governance and strategy. With this solution, you’re able to see real-time insights, make informed decisions, develop policies that make sense and ultimately have a more secure network.
With C2C already in motion, the executive order was a call to action to do just this – foster a more secure cyberspace by taking proactive measures.
We know C2C is on everyone’s radar these days, but don’t stop there. Think about how you’re going to design and implement a long-term cybersecurity roadmap.
Our cybersecurity experts are constantly thinking ahead. If you’re interested in learning more about our CCRI solution, contact us here.