On August 18, the United States Cyber Command was elevated from a subordinate component of the NSA to that of equal status with other combatant commands such as USSTRATCOM (U.S. Strategic Command), USSOCOM (U.S. Special Operations Command), and USCENTCOM (U.S. Central Command).
This substantial move – originally proposed by former President Obama – is long overdue and recognizes the enormous importance of protecting the U.S. from cyber attacks by foreign adversaries attempting to disrupt the U.S. government, military, infrastructure and industries. Responses to attempts by foreign agents to spread ransomware, disrupt critical infrastructure, hack servers and databases or spread disinformation designed to confuse or negatively influence public opinion in the United States will now fall under a command which has the same seat at the table as a command that deploys Special Forces units worldwide to fight terrorism.
A “combatant” command is distinguished by being comprised of more than one military branch and receives full funding and support commensurate with its area of responsibility to complete its mission. In other words, it is not marginalized but has the authority to execute its mission and is adequately staffed and funded.
Where is your cyber command?
Whether with national security or your enterprise security, cyber security should not be marginalized on the sidelines. Whether your industry is in the financial sector, public health sector, education, government agencies or defense contractors, you have much at risk from cyber threats and the risks are growing. A 2017 survey of 1900 cyber security professionals from these and other major industries shows that the three major cyber security concerns for enterprises are email phishing attacks, insider threats and malware.
Take a look at your enterprise. What data do you stand to lose? Are you prepared to react to an internal or external data breach? A security strategy must first recognize what damage could occur from an external or internal attack. This includes downtime due to a denial of service (DOS) or other external attack, loss of intellectual property (IP) or customer data from internal or external threats and loss of data due to ransomware, advance persistent threats (APT) and other malware.
You must make a full evaluation of which resources you have available and a plan to address resources that are still needed to fully protect intellectual property, customer data, employees and other users. You must have an incident response plan to react to any breaches of security and exercise it.
What is your cyber strategy?
The security model you enact must appreciate the great risk to your enterprise today and your ability to respond and recover. The emphasis you place on who in your enterprise governs your security strategy and at which level this responsibility lays will say a lot about your readiness to deal with a breach when it happens and the importance you place on protecting IP, customer data and other sensitive information.
Any modern enterprise should have their own cyber command: an information security organization and a response plan with a scope and necessary authority to impact other organizations.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.