A Strong National Cyber Strategy is Good – Even If You Disagree With It

The White House released the National Cybersecurity Strategy in early March 2023. It articulates a clear vision for a desirable end-state, the principles that should guide cybersecurity policy to achieve that end-state, and concrete objectives that will demonstrate progress towards that goal. The Office of the National Cyber Director and the National Security Council staff […]

Invisible Data: Raise the Bar on the Cyberspace Attacker

The new National Cybersecurity Strategy from the White House has recently been published. There are undoubtedly controversial recommendations, such as calls for the imposition of liability for insecure software products and services and the increase of military support of private cybersecurity, and I look forward to those debates. I praise the National Cybersecurity Strategy for […]

Why Employee Training is a Company-Critical Initiative

Employee training is one of the most significant investments your organization may make. It’s also one of the most critical initiatives impacting the long-term success of any business. Employees need information to do their jobs well. Most want to advance in their careers, and if your employees don’t evolve with the times, they and your company […]

Trusting Your Workforce Could Be Easier in 2023

Anyone who has pursued a job in security, whether in the public or private sector, is aware of the thorough and lengthy process it takes to attain a government security clearance even after being hired for a position. A trusted workforce is key for security organizations and companies. The Defense Counterintelligence and Security Agency’s (DCSA) […]

The “Why” Behind Your People Strategy

If you’re not focused enough on your company’s most valuable asset — your people — you might be falling behind in your efforts to procure and retain employees. Furthermore, your organization may not be achieving the performance and results that you expect. You may need to revisit your people strategy. What is a people strategy? It’s your […]

Critical Infrastructure to Report Cyber Incidents

In March, President Biden signed the “Cyber Incident Reporting for Critical Infrastructure Act” (CIRCIA) into law. CIRCIA applies to the Critical Infrastructure Sector, which includes entities that are “vital to the United States” and whose incapacitation or destruction would have an adverse effect on national security, the economy, or public health and safety. Entities subject […]

Making the Most of Tight Budgets: Key Cybersecurity Risk Levers

Cybersecurity professionals everywhere find themselves in a precarious situation, grappling with two major forces that will continue into 2023: These challenges are common among my clients. Many of them are looking for ways to address financial scarcity while trying to protect their organizations from evolving global threats. I’m advising them to leverage cybersecurity risk levers […]

Cybersecurity Budget Redux

It’s that time of year again: budget season. And as organization stakeholders look ahead to 2023, cybersecurity might not be at the top of their budget priorities, despite research showing evidence that cybercriminals can penetrate 93% of company networks. Getting buy-in from all company leaders is the best way to build a robust cybersecurity strategy, […]

How to Budget the Right Amount to Address your Cyber Posture

According to a study released by Deloitte (FS-ISAC/Deloitte Cyber & Strategic Risk Services CISO Survey Reports; 2019 and 2020; Deloitte Center for Financial Services analysis), the average company will spend somewhere between 6% and 14% of their annual IT budget on cybersecurity. Moreover, according to Deloitte, the average annual security spending per employee increased from $2,337 in 2019 […]

Proposed New Data Security Rules Could Prove Duplicative, Forcing Banks to Turn Over Dangerous Amounts of Secured Data

An amendment to the National Defense Authorization Act passed by the House in July would create a “systemically important entity” designation, applying new regulations and offering priority aid to certain critical infrastructure companies. But the American Bankers Association and Bank Policy Institute say the amendment as applied to financial institutions would duplicate existing regulations under […]