For Cybersecurity Awareness Month (and Halloween) – Some Scary Cyber Threat Stats

A couple of times a year I compile, analyze, and write about cybersecurity developments and statistics. As we begin Cybersecurity Awareness Month in October 2022, it is incumbent on all of us to be more wary than usual, given the scary stats surrounding an increasingly sophisticated and lethal cyber threat landscape.

A first case in point of the precariousness of cybersecurity is the ease of breaching by criminal hackers.

Most hackers need 5 hours or less to break into enterprise environments

Most hackers need 5 hours or less to break into enterprise environments | CSO Online

“Around 40% of ethical hackers recently surveyed by the SANS Institute said they can break into most environments they test, if not all. Nearly 60% said they need five hours or less to break into a corporate environment once they identify a weakness.

The SANS ethical hacking survey, done in partnership with security firm Bishop Fox, is the first of its kind and collected responses from over 300 ethical hackers working in different roles inside organizations, with different levels of experience and specializations in different areas of information security. The survey revealed that on average, hackers would need five hours for each step of an attack chain: reconnaissance, exploitation, privilege escalation and data exfiltration, with an end-to-end attack taking less than 24 hours.”

Chuck’s Comments: Thankfully this statistic cites ethical hackers. Many are top notch and exceptionally good at what they do. Still, exploitation of weaknesses is relatively easy even if it takes more than five hours for less experienced hackers. This calls attention to the urgency of cyber hygiene, including strong passwords, multifactor authentication, having good anti-malware software, and patching regularly.

Phishing remains the top threat in almost all cyber-threat statistics out there, especially driven more and more by mobile:

Phishing Attacks Crushed Records Last Quarter, Driven by Mobile

Phishing Attacks Crushed Records Last Quarter, Driven by Mobile (darkreading.com)

“Shocking phishing numbers (more than 1 million in a single quarter) are being driven by vishing, smishing, and other lures that target mobile devices.

Last quarter saw a record-shattering number of observed phishing attacks, fueled in large part by attempts to target users on their mobile devices.

The latest Anti-Phishing Working Group (APWG) “Phishing Activity Trends Report” for the second quarter of 2022 found 1,097,811 observed phishing attacks, the most the group has ever measured in its history.”

The financial sector remained the top target for phishing lures (27.6%), along with other bombarded sectors, including webmail and software-as-a-service providers, social media sites, and cryptocurrency.

“We’re seeing a huge increase in mobile phone-based fraud, with smishing and vishing collectively seeing a nearly 70% increase in volume as compared to Q1 totals,” Matthew Harris, senior product manager of fraud at Opsec said in reaction to the APWG findings. “We are still seeing fraud coming in via the typical OTT apps (WhatsApp, WeChat, Facebook Messenger, etc.), but the SMS-based fraud is really the kicker here.”

Chuck’s Comments: Phishing is the tool of choice for many hackers. Phishing is commonly defined as a technique of hackers to exfiltrate your valuable data, or to spread malware. Anyone can be fooled by a targeted phish, especially when it appears to be coming as a personal email from someone higher up the work chain, or from a bank, organization, or a website you may frequent.

Usually, the phishing malware comes via email attachments but can also be web-based. According to an analysis by Webroot, 46,000 new phishing sites are created every day and 1.385 million new, unique phishing sites are created each month. At a more granular level, the firm Wandera says that a new phishing site launches every 20 seconds. Source: Two cybersecurity hygiene actions to improve your digital life in 2021 | AT&T Cybersecurity (att.com)

Phishes can be quite sophisticated nowadays. The tools are available on the Dark Web and the graphics used to mimic emails or texts from banks, companies, employers, and even friends are a far cry from the misspelled and cheesy phishing attempts from a decade ago. Moreover, they are automated and sent by the thousands with the help of machine learning. I am fearful as deep fakes are on the horizon and they are a scary proposition in the wrong hands. Be alert and double check before you click!

Most organizations had a cloud-related security incident in the past year

Most organizations had a cloud-related security incident in the past year | Cybersecurity Dive

Security leaders consider the risk of cloud-based incidents higher than on-premises incidents, yet they expect to move more applications to the cloud.

  • More than 80% of organizations have experienced a cloud-related security incident over the past 12-month period, according to research from Venafi. Almost half of those organizations reported at least four incidents over the same period.
  • Companies are rapidly undergoing digital transformation to the cloud. Organizations in the study currently host 2 in 5 applications in the cloud, however that figure is expected to reach 3 in 5 over the next 18 months.
  • Despite those rapid changes, more than half of all organizations said they consider the risk of security incidents higher in the cloud, compared with on-premises environments.

Chuck’s Comments: Both the public and private sectors are rapidly transitioning into a cloud and hybrid cloud world, and computing is certainly moving closer to the edge. It is important to work closely with your cloud provider, know what data you need to protect and encrypt, and have an incident response plan in case you get breached. Clouds are not inherently risky, but companies need to recognize they have to evaluate provider policies and capabilities to protect their vital data. The use of the cloud and hybrid clouds enables implementation of dynamic policies, faster encryption, drives down costs, and provides more transparency for access control (reducing insider threats). When viewed from a security administrator perspective, optimized security in the cloud mitigates the risk of hackers getting key access to data.

64% of Businesses Suspect They’re Targets of Nation-State Attacks

64% Of Businesses Suspect They’re Targets Of Nation-State Attacks- Expert (informationsecuritybuzz.com)

New findings from Venafi: 64% of businesses suspect they’ve been targeted or impacted by nation-state attacks. Among the key findings:

  • 82% believe geopolitics and cybersecurity are intrinsically linked
  • 77% believe we’re in a perpetual state of cyberwar
  • More than two-thirds (68%) have had more conversations with their board and senior management in response to the Russia/Ukraine conflict
  • 63% doubt they’d ever know if their organization was hacked by a nation-state

Chuck’s Comments: Critical infrastructure has been increasingly targeted by nation states, as evidenced by Colonial Pipeline and other high-profile events. Protecting critical infrastructure Industrial Control Systems, Operational Technology, and IT systems from cybersecurity threats is a difficult endeavor. They all have unique operational frameworks, access points, and a variety of legacy systems and emerging technologies. As the DHS CISA mission has recognized, protecting the critical infrastructure supply chain in IT and OT systems needs to be a public and private sector priority. The Russia/Ukraine conflict has led to a “Shields Up” response from DHS CISA and stronger threat sharing between industry and government. Unfortunately, the energy sector, and especially the Grid, is still at great risk with a mix of OT/IT systems and infrastructure built decades back. Fortification of critical infrastructure needs to be a top priority.

More on that OT cybersecurity topic of Industrial Control Systems:

Industrial control systems face more cyber risks than IT, expert testifies

Industrial control systems face more cyber risks than IT, expert testifies | Cybersecurity Dive

Most ICS technology was designed more than 20 years ago and built without cyber resilience, Idaho National Laboratory’s Vergle Gipson said.

  • Operational technology systems in the U.S. are more vulnerable to malicious cyberattacks than information technology.
  • Most industrial control systems currently in use were designed more than two decades ago, before there was a clear understanding of how to build cyber resilience into those systems, according to Gipson. While IT systems have been more actively managed, with firmware and patches frequently upgraded, OT systems are usually not upgraded or replaced until significant failures.

90% of companies affected by ransomware in 2022

An annual SpyCloud survey found that 90% of organizations were impacted by ransomware over the past twelve months, an alarming increase from last year’s 72.5%.

Despite increased investment in cybersecurity, over the past year, the relentless tide of ransomware continued to disrupt operations and put organizations’ data at risk. Moreover, organizations were more likely than last year to be impacted more than once: 50% were hit at least twice, 20.3% were hit between 6 and 10 times and 7.4% were attacked more than 10 times.

Chuck’s Comments: A statistic of 90% for ransomware attacks is more than alarming, it is spooky. Ransomware attacks are easy to initiate, and criminal hackers can get paid in cryptocurrency and are difficult to find and prosecute. There are many anti-ransomware software tools available for companies to protect themselves. And for any company, backing up, isolating, and encrypting sensitive data should be a part of their risk management strategy.

Ransomware attacks surge in education sector

Ransomware attacks surge in education sector | Cybersecurity Dive

Colleges and universities are particularly challenged as repercussions of ransomware hit them harder and longer than other organizations.

  • The education sector got hit with even more ransomware attacks in 2021, impacting almost two-thirds of higher education organizations, Sophos concluded in a new survey.
  • Ransomware attacks hit more than half of the lower-education organizations surveyed and almost two-thirds of higher education institutions.
  • This marks a jump from the 44% of respondents combined across lower and higher education that reported ransomware attacks in 2020, but it’s consistent with an upward trend in ransomware attacks across all sectors.

Chuck’s Comments: Unfortunately, the education vertical is a cyber target like healthcare. Their systems are often made up of many networks and devices that can be targets of exploitation. This is a serious risk to higher education, and in fact, one college (Lincoln College in Illinois) had to close after being victimized by a ransomware attack.

Half of global firms supply chains compromised by ransomware

Half of global firms supply chains compromised by ransomware | Cyber Magazine

  • Global cybersecurity company, Trend Micro, announced new research today that reveals global organizations are increasingly at risk of ransomware compromise via their extensive supply chains.

  • Trend Micro commissioned Sapio Research in May and June 2022 to poll 2,958 IT decision makers across 26 countries. The research revealed that 79% of global IT leaders believe their partners and customers are making their own organization a more attractive ransomware target. The challenge is particularly acute considering that potentially less well-secured SMBs make up a ‘significant’ portion of the supply chain for over half (52%) of these organizations.

Chuck’s Comments: Supply chains that are often comprised of multiple vendors are a top target. Companies need to better authenticate, validate, and protect their supply chains. Supply chain cyber-attacks can be perpetrated by nation state adversaries, espionage operators, criminals, or hacktivists. Their goals are to breach contractors, systems, companies, and suppliers via the weakest links in the chain. This is often done by taking advantage of poor security practices of suppliers, embedding compromised (or counterfeit) hardware and software, or through insider threats within networks.

The remedy for supply chain vulnerabilities is heightened government and industry collaboration, as highlighted in policy initiatives such as NIST’s and in task forces on supply chain security established by the Executive Branch. More precisely, it requires enacting a risk management process that identifies vulnerable systems (especially legacy) and gains visibility into all the elements of the supply chain. Please see my article in GovConWire on this topic: Chuck Brooks: Government Focused on Securing the Cyber Supply Chain – GovCon Wire

Less Than Half of Large US Businesses Investing in Cybersecurity Despite Major Concern

Despite the rise in threats to businesses, companies aren’t doing enough to protect themselves or their customers.

Less Than Half of Large US Businesses Investing in Cybersecurity Despite Major Concern (tech.co)

  • With cyberattacks on the rise and the average cost of an attack in the millions, safeguarding against issues such as data breaches and ransomware should be a number one concern for businesses of all sizes — but especially large businesses.

  • While small businesses are the least likely to be protected, large businesses are the most targeted by attackers and, surprisingly, don’t fare much better. 83% of large businesses see security as a significant threat to their business growth. Yet only 43% of large businesses consider security a top three tech budget priority to invest in.

Chuck’s Comments: There is an adage that you can lead a horse to water, but you cannot make it drink. This rings true for industry. What will it take to make them take cybersecurity as an existential threat to their business operations and reputations?

Cybersecurity statistics are good indicators of where there are gaps and what the public and private sectors need to help remedy their situations. There is a lot of great advice out there to consider, especially in risk management. Below are a couple of my own articles on paths forward to consider. They are focused on the actions of proactive cybersecurity and public-private cooperation.

Why Proactive Cybersecurity Is a Must in Today’s Sophisticated Threat Environment

Prevention and preparedness begin with discovering the knowns and unknowns in the code that is the backbone of the array of applications and operating networks.

By Chuck Brooks

Why Proactive Cybersecurity Is a Must in Today’s Sophisticated Threat Environment – HS Today

In recent years, the cybersecurity focus and activities by both industry and government have been reactive to whatever is the latest threat or breach. As a result, mitigating the threats was difficult because, from the outset, cyber-defenders were always at least one step behind.

The reactive mindset has been changing due to a series of wake-up calls that have included a major series of intrusions by sophisticated threat actors against many high-profile targets (including SolarWinds, Colonial Pipeline, OPM, Anthem, Yahoo, and many others) that exposed a flawed approach to defending data and operating with a passive preparedness.

As our reliance on the interconnectivity of cyber devices, enterprises, and applications on the cyber landscape has grown, so have the cyber intrusions and threats from malware and hackers. The growing and sophisticated cyber threat actors include various criminal enterprises, loosely affiliated hackers, and adversarial nation-states. The firm Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025. Source: Cybercrime To Cost the World $10.5 Trillion Annually By 2025 (cybersecurityventures.com)

Also, a change in the cyber risk environment resulting from a transition to remote work coinciding with a heightened need for procurement of innovative technologies and services has created a new paradigm for cybersecurity.

With the growing realization of just how important IT is to our business, and as a result of the dramatic increase in breaches, there is a growing recognition that protection against them should be considered more than a business cost item: it is a necessity to ensure business continuity and reputation. Proactive cybersecurity is a posture that has been adopted increasingly by industry and government.

Proactive Cybersecurity = Risk Management

Being proactive in the evolving digital ecosystem is not just about procuring technologies and hiring people. It also means adopting a cybersecurity framework that would include tactical measures, encryption, authentication, biometrics, analytics, and continuous testing, diagnostics, and mitigation, as they may apply to specific circumstances. Concisely, proactive cybersecurity means helping ensure business continuity.

In a core sense, a successful cyber threat consequences strategy is really about risk mitigation and incident response to maintain business continuity. It is critical to be aware of the morphing threat landscape and plan contingencies for all potential scenarios. A risk management strategy requires stepping up the assessment of situational awareness, information sharing, and especially resilience planning.

Foundational to a commitment to proactive cybersecurity is a cyber vulnerability risk assessment. That action item is a critical first step in cybersecurity best practices. A risk assessment can quickly identify and prioritize cyber vulnerabilities so that you can immediately deploy solutions to protect critical assets from malicious cyber actors while immediately improving overall operational cybersecurity.

A comprehensive risk management approach should include cyber-hygiene best practices, education/training, use policies and permissions, configuring network access, testing of code, security controls, applications, device management, application controls, and regular network audits.

Three strategies are most commonly being used today to bolster risk management in cybersecurity. They include Security by Design, Defense in Depth, and Zero Trust. Security by design monitors, manages, and maintains the security process. Defense in depth enables layers of redundant protective security measures to help deter data breaches. And zero trust focuses on protecting resources (assets, services, workflows, network accounts) through strict identity and access management enforced by authentication and proper authorization. Source: Combining Three Pillars of Cybersecurity (forbes.com)

The specifics of a security approach may vary according to circumstances, but the mesh that connects the elements is situational awareness combined with systematic abilities for critical communications in cases of emergency. These guidelines are represented in the U.S. government’s National Institute of Standards and Technology (NIST) mantra for industry and government: “Identify, Protect, Detect, Respond, Recover.”

First Steps: Testing of Code & Applications

Testing software code is a critical function of information technology product validation. If the process of testing is not followed, the end-use product may be defective and potentially put a business or organization at risk. Detecting and fixing bugs in software development is a way to ensure the end quality of products.

That assessment needs to begin with application security testing to identify vulnerabilities that can be exploited in code or misconfigurations, or the discovery of malware already existing in programs and applications. Prevention and preparedness begin with discovering the knowns and unknowns in the code that is the backbone of the array of applications and operating networks that will determine our digital future.

New code, especially third-party software, needs to be thoroughly identified, assessed, and validated before it is installed on the network. Third-party advisory websites such as US-CERT and BugTraq are important for your cybersecurity team to monitor for newly known vulnerabilities.

While new code is a threat, many applications and programs may already be operating on legacy systems that include flaws and access points that can lead to breaches. Therefore, legacy code needs to be reviewed for patches along with any new code as part of a vulnerability assessment. Every application begins with software coding, and standards are needed to optimize and discover vulnerabilities. This can be done by visibility scanning and penetration testing, which includes the verification/validation of the source code that can be exploited. The testing and validation process is all about finding issues before they get to production and contaminate networks and devices.

What is known can be tangible, but a big challenge for software testing, assessment, and validation is being able to anticipate the unknown threats common with cybersecurity breaches. These unknowns may include finding hidden malware undetectable by sandboxes, signature-based, and other behavioral identification products.

For most companies, software testing is used for quality assurance purposes that bring value to the users. Testing is a reputational enabler that helps ensure quality products and that any troubling issues are fixed before the products are brought to the marketplace. The testing checks the alignment, user interface, and functionality of the products, which translates to customer satisfaction. If you are planning to launch an application, it is necessary to check its compatibility and performance across a wide array of operating systems and devices.

Testing also is a budget-related issue because it is cost-effective. It allows for planning and saves money in the software development process where bugs and misconfigurations can be caught and fixed in the initial stages of the software development lifecycle.

Security is another significant factor in the need for software testing. If security capabilities are built into the products in development, it builds trust for the users. Product security is a fundamental requirement for both industry and government, especially with the heightened sophistication of cyber threat actors.

The Need for Continuous Simulation Validation Testing

The sober reality is that cyber-breaches are not a static threat, and criminal hackers are always evolving in tactics and capabilities. Cyber-criminals are now using stronger evasion techniques, including malware that can even stop running if it detects that it is in a sandbox or that other malware detection capabilities are present. The malicious software injects code and manipulates memory space as an exploit kit is injected into the target system. Often these criminals use stolen certificates that are sold underground or on the Dark Web to bypass anti-malware detection and get around machine learning code. Industry and government must do more to meet and contain cyber-threat challenges.

Because of the sophisticated and growing attack surface being exploited by hackers, testing needs to go beyond traditional vulnerability scanners and manual penetration testing. It also needs to be automated to keep up with the pace of change in the evolving cyber landscape. Anticipating what criminal hackers might do in likely scenarios and practicing how to defend against it is a prudent measure to improve cybersecurity. That is what is done via continuous simulation validation testing.

Continuous simulation validation testing helps fill that discovery and protection gap. Through simulations, results can be immediate, can be performed frequently, and do not rely on the skill level of the tester, which can be a weak point that leads to vulnerabilities.

Continuous simulation validation testing combined with penetration testing is a good avenue to consider since new payloads and attacks show up in the wild every day. There are currently several vendors providing continuous security validation solutions with different approaches. According to one of those vendors, Cymulate, in 2021 top threats that impacted companies include LockBit, Conti and Dharma ransomware, HAFNIUM, TeamTNT, and APT29 with Log4j abuse. Cymulate’s simulation validation approach employs an Immediate Threat Intelligence module to enable companies to assess and optimize their Email Gateway, Web Gateway, and End Point security controls with out-of-the-box test scenarios that simulate potential new threats. Source: Cymulate research reveals unique threats in the wild rose by over 35% in 2021 – Cymulate

Simulated attacks are useful because they also enable security blue teams to assess and fine-tune their detect, alert, and response capabilities through integrations with existing security programs and systems including vulnerability management, EDRs, SIEM, SOAR and GRC systems.

Cyber-Resilience and Business Continuity

Cyber-resilience and business continuity after an intrusion is an area that must be continuously developed for optimizing response protocols, training of information security personnel, and deployment of automated detection and backup technologies.

Cyber-resilience, business continuity, innovation, and collaboration between government and industry stakeholders is a proven model that makes good sense. Together, government and the private sector can identify products and align flexible product paths, evaluate technology gaps, and help design, evaluate, and simulate scalable architectures that will lead to more efficiencies, and fiscal accountability.

Information sharing is also a key cog in the resilience and business continuity equation, as it helps both industry and government keep abreast of the latest viruses, malware, phishing threats, ransomware, insider threats, and especially denial of service attacks. Information sharing also establishes working protocols for lessons learned and resilience that is critical for the success of commerce and the enforcement against cyber-crimes. DHS CISA has expanded its programs in information sharing with industry in the past couple of years, especially with companies involved in operating critical infrastructure.

Cybersecurity at the leadership level requires effective communication with the board and management team. The CISO, CTO, CIO, and executive management must align strategies, collaborate, and regularly assess their information security programs, controls, and safety of networks. Reputation management is often needed if the breach interferes with a company’s operations.

Remediation is important to continuity; no matter what, breaches will happen. To be most effective for resilience, industry and governments should have an incident response plan that includes mitigation, business continuity planning, and secure backup protocols in case networks and devices are compromised. Training and tabletop exercises can improve incident response plan implementation should an actual incident occur.

The incorporation of best practices and the lessons learned from the various and many breaches over the past few years is certainly valuable data for establishing components of prevention, recovery, and continuity in a plan. Unfortunately, many businesses are still negligent in their preparation and analyses. A recent study by Wakefield Research found that a third of mid-sized organizations still do not have a cyber-incident response plan in place! Source: A third of mid-sized organizations don’t have a cyber-incident response plan (betanews.com)

The Challenge of Emerging Technologies

Emerging technologies are both tools for cyber-defenders and threat actors. The current cyber-threat landscape now includes artificial intelligence, machine intelligence, IoT, 5G, virtual and augmented realities, and quantum computing.

Automation, combined with artificial and machine intelligence, is an emerging and future cybersecurity pathway. Artificial intelligence (AI) is really going to be a big catalyst for cybersecurity. It will enable real-time threat detection and real-time analysis. Companies will be able to monitor what is in their system, and who may be doing things that are anomalies.

AI can also be used as a tool for nefarious purposes by criminal hackers to find vulnerabilities and automate phishing attacks, so not deploying or understanding the implications of such usage will undermine resiliency and continuity. AI and these other emerging technologies will all have a disruptive impact on security and operating models for the near future. Addressing new and more sophisticated threats will be fundamental to cyber-resilience and business continuity in the next decade.

In today’s sophisticated threat environment, cybersecurity can no longer be viewed as an afterthought if businesses are going to survive and thrive. Being proactive rather than reactive makes sense for anyone operating in the digital landscape. There are a variety of established paths to follow in cyber risk management to fill gaps and bolster defenses. Complacency in the face of growing threats is not one of them.

Government and Industry Cooperation: More Important Than Ever for Cybersecurity Awareness

By Chuck Brooks

Government and Industry Cooperation: More Important Than Ever for Cybersecurity Awareness – United States Cybersecurity Magazine (uscybersecurity.net)

With another National Cybersecurity Awareness Month upon us, few major things have changed from the past year in terms of threats. As the capabilities and connectivity of cyber devices have grown, so have the cyber intrusions from malware and hackers. The cyber-threat actor ecosystem has grown in both size and sophistication. Threat actors are also openly collaborating in sharing targets and tools. The cyber threat actors include various criminal enterprises, loosely affiliated hackers, and adversarial nation states.

Achieving a full awareness of nefarious actors who operate in the cyber realm and protecting against their capabilities is an arduous task. Clearly, industry cannot respond to growing cyber-threats alone, especially small and medium businesses that lack the resources and expertise. Increased government and industry cooperation to meet those challenges is a viable course to help mitigate threats and challenges. It is a proven risk management model that makes good sense in several areas.

Information sharing on threats and risk is one of the most principal functions of government and industry collaboration. Sharing such information helps allow both government and industry to keep abreast of the latest viruses, malware, phishing threats, ransomware, and insider threats. Information sharing also establishes working protocols for lessons-learned and resilience that is critical for the success of commerce and the enforcement against cyber-crimes.

Both the SolarWinds and Colonial Pipeline breaches highlighted the government’s assistance in mitigating breaches and moving toward resilience. Government was directly collaborating with the companies to discover the extent of the breaches and options for amelioration.

Remediation of breaches is important to continuity; no matter what, breaches will happen. The incorporation of best practices and the lessons learned from the various and many corporate breaches over the past few years is certainly valuable data for both industry and government in terms of prevention, recovery, and continuity.

GOVERNMENT TAKES PROACTIVE ROLE WITH INDUSTRY PARTNERSHIPS

The government and industry partnership is being well coordinated via the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS). Over the past few years, CISA has taken on a formal and increasingly larger role as the lead civilian agency in government working with industry and with state, local, and tribal stakeholders on cybersecurity threats. The proposed 2023 DHS budget has appropriated more than $2.5 billion toward cybersecurity, demonstrating the importance of the agency’s role in protecting the homeland in cyberspace, including in the aforementioned areas of information sharing and resilience.

Most significant is that CISA, under the leadership of Jen Easterly, created the Joint Cyber Defense Collaborative (JCDC) last year to fundamentally transform how cyber risk is reduced through continuous operational collaboration between government and trusted industry partners. “The Cybersecurity and Infrastructure Security Agency established JCDC—the Joint Cyber Defense Collaborative—to unify cyber defenders from organizations worldwide. This diverse team proactively gathers, analyzes, and shares actionable cyber risk information to enable synchronized, holistic cybersecurity planning, cyber defense, and response.” The JCDC is also supported by other government agencies, including the FBI, NSA, and U.S. Cyber Command, to help drive down risk in partnership with industry.

In recent years, DHS, along with the National Institute of Standards and Technology (NIST), has made a growing effort to bring the private sector together with the government, especially to develop information sharing protocols in risk management. In a core sense, a successful cyber threat consequences strategy is really about risk mitigation and incident response. A risk management strategy requires stepping up situational awareness assessment, information sharing, and especially resilience planning. It is critical to be aware of the morphing threat landscape and plan contingencies for all potential scenarios. NIST has been extremely helpful to industry in those areas.

The White House has also heightened government and industry cooperation in various areas, including supply chain security and protecting critical infrastructure (most of which is owned by the private sector). In specific regard to critical infrastructure, the underlying goal of collaboration is to help protect against targeted cyber intrusions of the nation’s critical infrastructure, such as financial systems, chemical plants, water and electric utilities, hospitals, communication networks, commercial and critical manufacturing, pipelines, shipping, dams, bridges, highways, and buildings.

White House and industry cooperation has been primarily aimed at identifying vulnerabilities, ensuring security, and integrating resilience in the public/private cyber ecosystem. The most recent activity by the White House was an executive order formulating a zero trust strategy for government agencies. That “trust nothing connected” perspective is also being assimilated in industry.

Congress has supported CISA’s expanded role and involvement with industry. Several bi-partisan bills have bolstered the agency’s integral role in cyber preparedness, response and resilience for both government and industry.

COOPERATIVE RESEARCH AND DEVELOPMENT

Research and development of potentially disruptive cybersecurity technologies is another benefit of government and industry cooperation. The change in the cyber risk environment coinciding with a heightened need for procurement of innovative technologies and services has created a new paradigm for a cybersecurity partnership between government and industry.

Together, government and the private sector can identify products and align flexible product paths, evaluate technology gaps, and help design scalable architectures that will lead to more efficiencies and fiscal accountability. Bridging R&D spending between the government and private sectors should also allow for a more directed and capable cybersecurity prototype pipeline to meet modern technology requirements.

An enhanced and streamlined government and industry partnership should continue to be a priority for cybersecurity strategies in 2023, as threats can morph, especially with the emergence of technologies such as artificial intelligence, machine learning, 5G, and eventually quantum computing. The partnership needs to be both proactive and adaptive to change as the threat matrix may become increasingly lethal to economic and strategic stability if we remain unaware and unprepared for the potential consequences.


About The Author:

Chuck Brooks, President of Brooks Consulting International, is a globally recognized thought leader and subject matter expert in Cybersecurity and Emerging Technologies. Chuck is also Adjunct Faculty at Georgetown University’s Graduate Cybersecurity Risk Management Program, where he teaches courses on risk management, homeland security technologies, and cybersecurity. He is also IEEE Cyber Security for Next Generation Connectivity Systems for Quantum IOT Vice-Chair and serves as the Quantum Security Alliance Chair for IOT. LinkedIn named Chuck as one of “The Top 5 Tech People to Follow on LinkedIn.” He was named as one of the world’s “10 Best Cyber Security and Technology Experts” by Best Rated, as a “Top 50 Global Influencer in Risk, Compliance,” by Thomson Reuters, “Best of The World in Security” by CISO Platform, and by IFSEC and Thinkers 360 as the “#2 Global Cybersecurity Influencer.” He was featured in the 2020, 2021, and 2022 Onalytica “Who’s Who in Cybersecurity.” He was also named one of the Top 5 Executives to Follow on Cybersecurity by Executive Mosaic. He is also a Cybersecurity Expert for “The Network” at the Washington Post, Visiting Editor at Homeland Security Today, Expert for Executive Mosaic/GovCon, and a Contributor to FORBES. He has an MA in International Relations from the University of Chicago, a BA in Political Science from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.
