Seems like nowadays, everybody’s got an opinion on how to protect your data and assets from threats like ransomware, supply chain attacks, and good old exploitation of vulnerable Internet-facing services.
That’s not really a bad thing, to be honest. At the heart of any responsible, mature security program is a set of fundamental principles—least privilege access, defense in depth, etc.—as well as basic practices like vulnerability management and security monitoring. The more voices we have urging organizations to adopt them, the better.
One significant voice in the last few months has been the White House. In May, we saw the President issue an executive order directing new security requirements for federal agencies as well as their suppliers. Key among these requirements:
The technologies listed here—MFA, EDR, and zero trust—are more than just fancy new industry buzzwords (although they sure are used that way). They represent some of the most effective modern security controls available. It’s encouraging to see the White House push their use.
Read more about Zero Trust Networks (ZTN): What are they and how do I implement one?
The Biden administration has been vocal about the recent spate of high-profile ransomware attacks, too. In response, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, published a memo to business leaders—not just federal contractors, but any business operating a computer network—urging them to invest in some of these same technologies.
The guidance lays out a set of valuable practices that can help address ransomware as well as many other potential threats:
While we agree with this guidance, and the effectiveness of these technologies and practices—indeed, our security team can help with solution selection, design, implementation, testing, and tabletop exercises—we feel they are best accomplished not as a set of standalone projects, but as the effort of what Neuberger calls a “skilled, empowered security team” that is the core of your business’ information security program.
We talk a lot about security programs around here, and we’d love to talk to you about how to build yours!
Read more: Car parts and cybersecurity: what is Google dorking?