For those companies in the defense sector, you know very well that the Department of Defense (DoD) is pretty much your main bread and butter. But as the Cyber Threat Landscape has evolved, so have the security precautions that the DoD has set into place to make sure that whatever information is transmitted before, during and after the bidding process remains confidential.
To this end, they have implemented what is known as the "Cybersecurity Maturity Model Certification", also known as "CMMC" for short. Long story short, this is where the Defense Industrial Base (DIB) and their subcontractors have to reach a certain level of Cyber certification before they can be awarded a contract that carries a CMMC requirement.
The CMMC framework has been going on for a number of years now. In fact, there are two different versions of it. In the first one (CMMC 1.0), there were five different levels of certification that could be achieved, but with the newer version (CMMC 2.0), there are only three. In fact, the requirements have actually eased up a bit in this round to help defense contractors get their certifications quicker: the practices unique to CMMC were dropped in favor of aligning directly with NIST SP 800-171, and self-assessment is now permitted at Level 1 and for some Level 2 contracts.
Although achieving CMMC certification at any level can be both a herculean and daunting task, as the CISO of a defense business, you have to realize that simply achieving it is not the end of your Cybersecurity efforts to beef up your lines of defense. You will have to keep pushing through, no matter how hard and long the journey might be.
To this end, I came across an article in which a 30-year veteran of the Cyber industry echoes these same thoughts. His mantra is "Harden", and he has a six-step approach to this:
1) Harden your people:
This includes both the members of your IT Security team and the other employees in your company. The best way to do this is through constant security awareness training programs and mock simulation attacks (for example, phishing simulations), with the results fed back into the next round of training.
2) Harden your Cloud:
Whatever Cloud platform you make use of, such as AWS, Azure, or GCP, make sure to use all of the tools that are available to you in your subscription to protect your IaaS, PaaS, and SaaS environments. An important thing to keep in mind here is the shared responsibility model: the provider secures the underlying infrastructure, but you are ultimately responsible for the configuration of these tools, not your Cloud provider! A misconfigured storage bucket, an over-privileged identity, or a security group open to the world is your problem to find and fix.
3) Harden your endpoints:
The term "endpoint" can be confusing, but for purposes of this blog, it simply means all of the devices in your company that are being used by your employees, whether they are on site, hybrid, or remote. The best level of protection that you can offer here is to use what is known as an "Endpoint Detection and Response" (also known as "EDR") solution to fortify all of those devices. Keep in mind that EDR detects and contains activity on a device; it does not replace the basics of patching, disk encryption, removing local administrator rights, and a hardened configuration baseline.
4) Increase your levels of both visibility and detection:
This simply means collecting all of the information and data from your network security devices, servers, identity systems, and endpoints into one central repository, such as a SIEM. This will show you all activity on a real time basis from just one point of view. You can also make use of correlation rules, and of AI and ML tools, to help filter out the false positives, so that only the real and authentic alerts are presented to your IT Security team for appropriate triaging. A SIEM is only as good as the log sources you onboard into it and the rules you tune against them.
5) Keep hunting:
As a CISO, you can never assume that all of your weaknesses and gaps have been filled. There will always be some, so you should be engaged in both Penetration Testing and Threat Hunting exercises on a regular basis (at least quarterly). Conducting Vulnerability Scans would be a good thing to do here as well, and these should run more often than the penetration tests, ideally continuously.
6) Respond quickly:
The bottom line here: if you detect a threat, respond immediately! Don't wait seven months or so to detect it (industry breach studies currently put the average time for Corporate America to identify a security breach at roughly that long). For this to happen, you must have the right Incident Response (IR), Disaster Recovery (DR), and Business Continuity (BC) plans in place, and they must also be rehearsed on a regular basis.
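As an added illustration of step 4 (and of the false-positive filtering that feeds step 6), here is a small Python example, written for this post and not taken from the article being discussed, of what "collect into one place and correlate" actually means. It normalizes two constructed log sources (an SSH authentication log and a firewall log, both invented for the example) into one time-ordered event stream, runs a single detection rule (several failed logins from one source followed by a success within a short window), and suppresses the known-benign case of an authorized vulnerability scanner. The IP addresses, usernames, and the suppression list are all hypothetical.

```python
"""Toy SIEM-style correlation over constructed log lines (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample logs, not real data.
AUTH_LOG = """\
2024-03-01T10:00:01Z sshd[1201]: Failed password for admin from 203.0.113.10 port 51000
2024-03-01T10:00:03Z sshd[1202]: Failed password for admin from 203.0.113.10 port 51001
2024-03-01T10:00:05Z sshd[1203]: Failed password for admin from 203.0.113.10 port 51002
2024-03-01T10:00:09Z sshd[1204]: Accepted password for admin from 203.0.113.10 port 51003
2024-03-01T10:05:00Z sshd[1300]: Failed password for scan from 198.51.100.7 port 40000
2024-03-01T10:05:01Z sshd[1301]: Failed password for scan from 198.51.100.7 port 40001
2024-03-01T10:05:02Z sshd[1302]: Failed password for scan from 198.51.100.7 port 40002
2024-03-01T10:05:03Z sshd[1303]: Accepted password for scan from 198.51.100.7 port 40003
2024-03-01T10:07:00Z sshd[1400]: Failed password for bob from 192.0.2.5 port 42000
"""
FW_LOG = """\
2024-03-01T10:00:00Z fw1 action=allow src=203.0.113.10 dst=10.0.0.5 dport=22
2024-03-01T10:04:59Z fw1 action=allow src=198.51.100.7 dst=10.0.0.5 dport=22
2024-03-01T10:06:59Z fw1 action=allow src=192.0.2.5 dst=10.0.0.5 dport=22
"""
# Hypothetical authorized scanner: its brute-force-like pattern is expected.
SUPPRESS_SOURCES = frozenset({"198.51.100.7"})

@dataclass
class Event:
    ts: datetime
    source: str      # which log the event came from ("sshd" or "fw")
    src_ip: str
    outcome: str     # "fail" / "success" for sshd, firewall action for fw
    user: str = ""

AUTH_RE = re.compile(r"^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+)")
FW_RE = re.compile(r"^(\S+) fw\d+ action=(\w+) src=(\S+)")

def _ts(stamp):
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))

def parse_auth(text):
    """Normalize sshd lines into Events; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            stamp, verdict, user, ip = m.groups()
            outcome = "fail" if verdict == "Failed" else "success"
            events.append(Event(_ts(stamp), "sshd", ip, outcome, user))
    return events

def parse_fw(text):
    """Normalize firewall lines into Events."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            stamp, action, ip = m.groups()
            events.append(Event(_ts(stamp), "fw", ip, action))
    return events

def normalize(*streams):
    """Merge all sources into one stream ordered by timestamp (the 'one point of view')."""
    return sorted((e for s in streams for e in s), key=lambda e: e.ts)

def detect_bruteforce_success(events, min_failures=3, window_seconds=60, suppress=frozenset()):
    """Alert when a source IP has >= min_failures failed logins, then a success, within the window.
    Firewall context is attached to each alert; sources in `suppress` are dropped as known-benign."""
    failures = defaultdict(list)
    last_fw_allow = {}
    alerts = []
    for e in events:
        if e.source == "fw" and e.outcome == "allow":
            last_fw_allow[e.src_ip] = e.ts
            continue
        if e.source != "sshd":
            continue
        if e.outcome == "fail":
            failures[e.src_ip].append(e.ts)
            continue
        # success: count recent failures from the same source
        recent = [t for t in failures[e.src_ip] if (e.ts - t).total_seconds() <= window_seconds]
        failures[e.src_ip].clear()
        if len(recent) >= min_failures and e.src_ip not in suppress:
            fw_ts = last_fw_allow.get(e.src_ip)
            alerts.append({
                "src_ip": e.src_ip,
                "user": e.user,
                "failures": len(recent),
                "ts": e.ts.isoformat(),
                "fw_allowed": fw_ts is not None and (e.ts - fw_ts).total_seconds() <= window_seconds,
            })
    return alerts

def run_pipeline():
    """Collect, normalize, detect, suppress: returns the alerts an analyst would actually see."""
    events = normalize(parse_auth(AUTH_LOG), parse_fw(FW_LOG))
    return detect_bruteforce_success(events, suppress=SUPPRESS_SOURCES)

if __name__ == "__main__":
    for alert in run_pipeline():
        print(alert)
```

Run stand-alone, it prints one alert for 203.0.113.10 (three failures, then a success, with the firewall confirming the connection was allowed); the scanner's identical pattern is dropped by the suppression list, and the single failure from 192.0.2.5 never reaches the threshold. Without the suppression list the same rule raises two alerts, which is the kind of noise the article's "filter out false positives" step is meant to remove.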
My Thoughts On This:
Don't wait for CMMC certification to take the above-mentioned steps. In fact, the DoD even recommends that the best way to get certified is for your company to be proactive on the Cyber front at all times, and to take all of the steps that are necessary to protect your lines of defense.