On March 2, 2023, The White House released the National Cybersecurity Strategy to “reimagine cybersecurity to better ensure a safe and secure digital ecosystem for all Americans.” According to the National Cybersecurity Strategy Fact Sheet, the program has two stated goals:
- We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments and onto the organizations that are most capable and best-positioned to reduce risks for all of us.
- We must realign incentives to favor long-term investments by striking a careful balance between defending ourselves against urgent threats today and simultaneously strategically planning for and investing in a resilient future.
One goal of the Biden-Harris Administration’s strategy is a commitment to hold software developers and service providers responsible for inadequate cybersecurity. Since software runs the world, this initiative affects everyone with Internet access and a job.
In the spirit of seeing this “glass” as half-full, we’ll review the five pillars (directly cited and paraphrased from this new cybersecurity initiative) and explore practical ways for you to reimagine IT planning and budgeting.
The White House may be taking a global approach, but its messaging and terminology have relevance to everyday operating activities, IT conversations, and mindsets.
National Cybersecurity Strategy Pillar #1
Defend Critical Infrastructure – and national security by giving the American people confidence in the availability and resilience of our critical infrastructure and its essential services by:
- Expanding the use of minimum cybersecurity requirements
- Harmonizing regulations to reduce the burden of compliance
- Enabling public-private collaboration
- Defending and modernizing Federal networks
- Updating Federal incident response policy
The success of your business depends on the availability and resilience of critical infrastructure. Flimsy IT systems undermine team morale and confidence in the durability of your organization.
Today’s hybrid workforce expects secure anytime access to applications, and they don’t have time for workarounds or outages induced by cyber-attacks.
Are you enforcing minimum cybersecurity requirements like Password Management, Single Sign-On, and Multifactor Authentication?
Is your IT strategy aligned with a compliance framework based on maintaining modern infrastructure with updated incident response policies?
You’re on the right track if you can say “yes” to both questions. Unfortunately, everyone is connected to businesses that aren’t as vigilant.
National Cybersecurity Strategy Pillar #2
Disrupt and Dismantle Threat Actors – with all instruments of national power to make malicious cyber actors incapable of threatening US national security or public safety by collaborating with the private sector and comprehensively addressing the ransomware problem with our international partners.
Ransomware is one of the biggest menaces on the web, according to ZDNet. Since the net covers the entire planet, a cyber incursion into a hospital network in Angola may find an open door in Iowa when an employee at a small insurance agency clicks on the wrong email.
This international threat infiltrates every facet of today’s digital world, including but not limited to:
- Mobile phones
- iPhone and Android app marketplaces
- Smart appliances
- Gaming consoles
- Home security cameras
- Vending machines
- Gas station payment systems and more
It’s time to rethink collaboration and partnership opportunities in your immediate sphere of influence. In other words, think globally. Fight ransomware locally.
If you work with an IT MSP and they don’t offer vCISO services, consider hiring one, even if they work for a competing MSP.
vCISOs bring Certified Information Systems Security Professional (CISSP) credentials to the table to help the MSP identify blind spots, tighten gaps, improve security operations, and reduce liability for the client.
Forbes notes, “A CISSP professional maintains an organization’s IT security systems, securing data against external threats. Responsibilities may also include running security audits, gathering data on security performance, managing teams of IT security professionals, and creating security reports for stakeholders.”
In this setting, the vCISO can validate and support the work of the MSP, and make them look better in the process. That’s what I call a client win!
National Cybersecurity Strategy Pillar #3
Shape Market Forces to Drive Security and Resilience – by placing more responsibility on those best positioned to reduce risk (organizations) while shifting the consequences of poor cybersecurity away from the most vulnerable (individuals) through:
- Promoting privacy and personal data security
- Increasing liability for software developers to promote secure development practices
- Ensuring that Federal grant programs promote new investments in secure and resilient infrastructure
This cybersecurity strategy pillar is receiving the most headlines. And the publicity is richly deserved. Hopefully, new liability concerns will inspire software makers to rethink the famous mantra “better, faster, cheaper.”
“Developers often focus on getting good, working code (software) out the door. Oftentimes, security is an afterthought that can really delay your ability to release code,” observes James Carder of LogRhythm.
He continues, “It behooves developers and product managers to have security built into the development lifecycle and built into their go-to-market strategies, including any security certifications and/or other industry requirements.”
While software security will improve, this shift will not happen overnight.
Do you have a good read on the safety and security of your software vendors? Are your IT systems designed for resilience and a smooth pivot to more secure software alternatives if something breaks?
National Cybersecurity Strategy Pillar #4
Invest in a Resilient Future – by using strategic investments and coordinated, collaborative action to lead the world in the innovation of secure and resilient next-generation technologies and infrastructure to:
- Reduce Internet infrastructure vulnerabilities across the globe
- Prioritize cybersecurity R&D for post-quantum encryption, digital identity solutions, and clean energy infrastructure
- Develop a well-rounded, talented, and robust national cyber workforce
Investing in a resilient future is the best way to ensure the success of your mission. This endeavor requires a nuanced perspective on managed IT services and cybersecurity.
While managed IT services include various standard cybersecurity tools, cybersecurity is breaking out as a separate discipline with a deeper catalog of products, services, and certifications.
Your IT MSP will bundle many of the following with your infrastructure and help desk services:
- Password Management
- Single Sign-On
- Content Filtering
- Managed Firewall
- Backup and Disaster Recovery
However, your IT MSP will charge extra for the following supplemental cybersecurity products and services:
- Managed Detection and Response
- Security Information and Event Management (SIEM) Solutions
- Vulnerability Testing
- Security Audits
- Cybersecurity Awareness Training
- Creating security and compliance policies
- Implementing cybersecurity frameworks
- vCISO services
- Security Staff Augmentation
- IT Governance and Risk Management
It’s time to consider separate budgets for IT management and cybersecurity. And be prepared to make a business case for each line item with your IT planning committee.
National Cybersecurity Strategy Pillar #5
Forge International Partnerships to Pursue Shared Goals – The United States leads the world in promoting responsible state behavior in cyberspace with like-minded nations to counter threats to our digital ecosystem through joint preparedness, response, and cost imposition. This initiative includes:
- Increasing the capacity of our partners to defend themselves against all cyber threats
- Working with our allies and partners to make secure, reliable, and trustworthy global supply chains for information and communications technology and operational technology products and services
Do you work with clients and vendors with similar business values? Is this reflected in their attitude toward growth, security, and risk management?
When your customers and suppliers understand how to evaluate and assign a cost to risk, they’re less likely to be the weakest link in a cybersecurity incident. They’ll invest in responsible IT architecture and supplemental cybersecurity services.
Find partners that are willing to make strategic investments in preventative measures. When security standards and compliance frameworks feature prominently on websites, press releases, contracts, and proposals, you know whether they share the same goals.
Your Cybersecurity Strategy
An evolving cybersecurity strategy is synonymous with a sound business strategy. Investing in the future and improving resiliency increases your chances of success, spreads goodwill, and projects empathy.
As the world weathers an unprecedented barrage of cybercrime, a rising tide of accountability will raise all boats.
I’ve been in the MSP space since 2003 and noticed a promising trend: as security evolves, my productivity is skyrocketing. Sure, I have to spend about a minute logging into Windows and using LastPass with Single Sign-On and MFA to access the company network. But it always works.
This was not the case with my first IT MSP employer circa 2009. Our remote setup was clunky, hard to access, and much less secure. Logging in took 20 minutes and required support from an engineer.