SMBs should consider conducting internal phishing tests to teach their employees about the dangers of social engineering attacks. They must be continuously tested and reevaluated to uncover systemic deficiencies within the organization. This can be achieved through various data loss prevention solutions and a network architecture that utilizes layering, diversity, obscurity, limiting and simplicity.

Employees must be educated on the evolving threats and their role in supporting a proactive security posture. The CUI must be labeled and its movement monitored and controlled. Organizations may choose to segment the CUI resident in their environment to limit the scope of the required security controls. SMB contractors must identify the CUI residing in their environment and take the necessary defensive measures to ensure the data is secure at rest, in transit and during processing. The risk of housing CUI must be assessed at the highest levels of the organization. SMBs must have a defined set of policies and procedures to ensure that all technical, administrative and physical safeguards are met and understood by all relevant stakeholders. CUI controls penetrate far beyond the corporate IT infrastructure. It must be baked into the corporate culture as a positive necessity, not expressed as an additional burden. Implementation of a secure cyber workplace must start with senior leadership and be recognized throughout the organization as an enterprise initiative. The bar must be raised by those who contribute to the defense of the nation, regardless of company size or revenue. SMB contractors must recognize the importance of Defense Department and National Institute of Standards and Technology (NIST) requirements and dedicate the necessary resources to achieve compliance.

CUI, a categorization of data that encompasses a wide array of limited distribution information, resides in hundreds of small businesses across the country.
Long gone are the days when tasking corporate digital security to an understaffed, underfunded and overburdened IT department was sufficient. This is evident by the countless breaches that have occurred against government contractors over the past year.

Ad hoc methods of protecting sensitive data, including controlled unclassified information (CUI), are no longer acceptable. The tabletop scenarios have been realized and without widespread adoption of cybersecurity best practices, the United States will continue to bleed its intellectual property. The threat is no longer doomsday rhetoric used by those in the security field to push for change. To bypass the robust security controls that the government and large contractors have in place, malicious actors have put significant manpower into compromising small- and medium-sized businesses (SMBs). Digital espionage also levels the playing field for nation-states that do not have the resources of their more sophisticated competitors. A successful intrusion campaign can drastically reduce or even eliminate research, development, test and evaluation (RDT&E) costs for a foreign adversary. adversaries continue to target and successfully exploit the security weaknesses of small-business contractors.