One of the biggest complaints in Cybersecurity today (among many
others) is that the Small to Medium Sized Business (SMB) community is that trying
to procure services that are needed to protect the lines of defenses are simply
too expensive for them to afford. While
I can see this to a certain extent, the truth of the matter is that Cyber
services are now getting very affordable to the SMB owner.
But, it takes some work and research to find these
vendors. So, in an effort to help out the
smallest of the small businesses, people are now calling upon the US
Cybersecurity and Infrastructure Security Agency (CISA) to aid in this effort,
and to provide a central place where the business owners can get access to the information
to whatever they may need.
Here is what is being proposed for the CISA:
1)
Create a centralized approach for membership:
At the present time, many people
feel that joining the CISA is too expensive.
There are many cries out there for them to lower the price, so that all
businesses can afford it. In a worst
case scenario, there should be at least a tiered level membership.
2)
Expand the use of Albert Sensors:
Truth be told, this is the first
time that I have heard of this technology.
These are actually intrusion detection systems, and there are currently
about 800 of them being used across local and state governments all over the country. It has been estimated that they have generated
over 250,000 alerts and warnings on annual basis. The nice thing here is that are provided for
and funded by CISA. The thinking here is
that if CISA can do it this for the government, why can’t they do this also for
the smallest of the small? Or if not, at
least give them access to the information and data that is generated from
it? More information about Albert Sensors
can be seen at this link below:
https://sos.oregon.gov/elections/Documents/vote-systems/albert-sensor-february-2022.pdf
3)
More involvement from the Cyber community:
There has always been a need for
this, and many people have voiced their support for this. But however, it is a lot easier said than
done. Unfortunately, many Cyber vendors
still view the SMB market as not enough money to be made off of, but IMHO, they
need to get away from this kind of thinking.
I really don’t see the harm in offering some pro bono services, giving
back what you have been given goes a long way, I have been taught. But for this instance, people want the MSPs
and the MSSPs do take a much bigger role in this effort, led by CISA.
4)
Have a better portal:
At the present time, I don’t think
that CISA has an actual portal for members to log into, and get the latest
updates. Because of this, people want CISA
to create and deploy a Cyber portal for all members to access, and which can also
be customized to their own requirements.
But the most important thing that is needed right now is for
intelligence gathering and sharing, and making it as easy as possible to
access.
5)
Have a quicker time to report:
Right now, there is a lot of effort
on part of the regulatory bodies (such as the SEC) to mandate upon companies that
they must report a security breach within a certain timeframe. People now want CISA to do the same thing,
but for all businesses, no mater how large or small they might be, or the
industry that they are in.
My Thoughts On This:
The point of all this is to have a central point of control,
so that everything will follow in a streamlined process. But in my view, it is going to take much more
than this. We need a federal agency to
do all of this, such as a Department of Cybersecurity. This needs to be set up in way as to how the
DHS was set up right after 9/11.
I am actually going to be writing a whitepaper on this, so
stay tuned!!!
No comments:
Post a Comment