New Insights: White House warns companies to step up cybersecurity: ‘We can’t do it alone’

News Insights:

Saryu Nayyar, CEO, Gurucul (she/her):

“These are all excellent recommendations. However, there is a missing element of proactive defense here. Organizations need to implement cyber defenses that can reduce the attack surface and detect ransomware attacks in real-time, not just prepare for quickly resuming operations after a ransomware attack. Modern security operations should include data science powered technology paired with traditional cyber defenses to thwart ransomware attacks. Privileged access management, continuous authentication, MFA, risky account discovery and cleanup, intrusion detection, behavioral analytics, data loss prevention, firewalls, Endpoint Detection and Response (EDR) or even better Extended Detection and Response (XDR) – all these are modern security measures needed to keep attackers from successfully penetrating corporate networks and interrupting operations. The technology is available. It’s just a matter of putting it in place and working diligently to identify and derail cybercriminals and malicious insiders before they derail you.”

Garret Grajek, CEO, YouAttest:

“The White House is calling for immediate actions enterprises should take to mediate the risk of ransomware and other attacks. One of the focus areas was the segmentation of networks.  We have seen firsthand how current compliance measures intersect with new security initiatives such as Zero Trust and Micro-Segmentation. Regulations themselves are not keeping up with these types of technical advances as there are no stated requirements for Zero Trust, but components of the best practices of Zero Trust are imbued into the regulations, and we need the tools and practices that allow our technology to meet our security needs while keeping in compliance.”

Doug Britton, CEO, Haystack Solutions:

“The White House has expertly identified the key steps that companies can take to minimize the risk & impact of a ransomware attack.  Unfortunately, with hundreds of thousands of cyber positions unfilled in the US alone, the million-pound gorilla in the room is, “where are the qualified cyber practitioners that can expertly implement the recommendations?”  Ideally, the national strategy will also rethink the underlying economics of identifying the potential talent, decreasing the cost of training the talent, and retaining that talent in industry.”

Tom Garrubba, CISO, Shared Assessments:

“These repeated breaches indicate it is time to hold critical infrastructure organizations accountable. Financial institutions and even retail have been held to a higher level of legislative scrutiny, so why is it that infrastructure organizations appear to skate by? Perhaps it’s time to bring in the executives and board members of these breached organizations to publicly explain these breaches and how their organizations are addressing the IT risks in the current environment. Every C-Suite and BoD needs to be similarly prepared to answer these questions.”