On February 17, 2021, the Ohio Cyber Reserve was deployed for the first time in response to a government ransomware attack. The Cyber Reserve and the Ohio National Guard teams were dispatched to reestablish network security and normalcy to the agency.
The Cyber Reserve was part of Senate Bill 52 that went into effect in March of 2020. It was created to “improve information integrity and security”. The bill allows public institutions, local governments and private businesses that are under cyber-attack to get help from highly trained cyber experts contracted by the state.
While this story has a happy ending, one question remains: how can these organizations stop an attack before it happens? Wouldn’t it be better to catch and address potential threats from within the establishment itself, before they become real? In a world where cyber roles are frequently unfilled and resources are spread thin, how do we improve our readiness to both respond to incidents and reduce their probability?
Improving cyber readiness is critical to national security. That is why a well-trained and documented cyber-ready workforce is key to preventing future cyber-attacks.
What Is Cyber Readiness?
Cyber readiness, in its simplest terms, refers to the comprehensive approach to protecting our cyber landscape. It helps integrate security measures across an entire infrastructure that continuously monitors threats as well as incoming and outgoing activity across your networks.
- Cyber readiness puts in place security rules to:
- Continuously monitor virus and corruption threats
- Immediately detect any data-breaching behaviors
- Proactively protect a company’s assets, including private data
- Assess and train personnel (general, as well as cyber specific roles)
Many organizations do have their own cybersecurity processes; however, most are ineffective in detecting threats and – even worse – remedying attacks.
Threats Against Cyber Readiness
While government agencies and private companies are dedicated to their cybersecurity practices, threats still remain, including:
According to predictions from Cybersecurity Ventures, there will be an estimated 3.5 million cybersecurity jobs available in 2021. As cyber-attacks continue to rise, government agencies and private companies will find themselves in constant dangerous situations.
Larger and Repeated Breaches
As we had recently presented, the SolarWinds breach, arguably the largest breach in history, went undetected for months. Four government agencies failed to discover the breach, nor were willing to accept responsibility, leaving America vulnerable to future attacks.
Lack of Cybersecurity Governance
Cyber threats are ongoing and forever evolving. Instead of one-off, fix-it-and-forget-it solutions, organizations need to embrace a holistic, enterprise approach to cyber readiness. These strategies will allow for better identification, mitigation and protection against attack.
How Can Government Organizations Achieve Cyber Readiness?
Step 1: Identify key players.
This includes your cybersecurity workforce, your compliance partners, and any other third-party entities who fall under your cybersecurity network. Ensure each division knows their responsibility and hold them accountable.
Step 2: Develop (or review) cybersecurity policies and procedures.
Examine your existing policies. How well is your organization prepared for its cybersecurity? Is your response team right-sized and capable of responding to threats? Does your documentation provide enough guidance for employee performance and conduct?
Step 3: Identify key compliance training needs and build an ongoing training schedule.
Each employee has different needs when it comes to cybersecurity compliance training. Mapping a training schedule to the employees keeps your entire workforce current in necessary regulatory requirements.
CyberSTAR is the trusted source for ongoing cyber training. Used by the DoD and other government agencies, it is the largest automated credentials management and cyber workforce compliance system available, with over two million registered users.
CyberSTAR helps streamline processes and maintain current credentials for your cyber workforce by:
- Ensuring proper training and certification (including DoDD 8570, DoDD 8140, NIST NICE and other commercial standards)
- Matching personnel and roles to contractual or regulatory requirements
- Forecasting, planning and recruiting workforce
- Continuous compliance and on-demand reporting
- Reducing the cost and complexity of identifying skill gaps
CyberSTAR is the one source of truth for all your cyber training and certification—evaluating, expanding and enhancing your organization’s cyber readiness.