Each October, the Cybersecurity & Infrastructure Security Agency and theNational Cybersecurity Alliance lead the cybersecurity community in an educational campaign around the impact of cybersecurity breaches and best practices to prevent them. Cybersecurity Awareness Month was created to raise awareness about the importance of cybersecurity among individual citizens and companies alike. As exemplified by the theme, "Do Your Part. #BeCyberSmart," the campaign serves to remind us that everyone has a role in ensuring the security of data and systems.
Events, educational materials, videos, blogs, and more will be produced throughout the month by a variety of government entities, non-profits, and commercial organizations to illustrate this shared responsibility. To organize the vast amounts of information, the month is divided into themed weeks with a focus on the threat of phishing and a push to increase interest in cybersecurity careers:
With so many high-profile hacks this year, it's easy to want to throw up your hands and say, "Is there nothing that can be trusted?!" Interestingly, that lament is what is driving the latest approach to cybersecurity -- zero trust. Zero trust is what it sounds like, a security approach centered on the belief that organizations should not automatically trust anything accessing their systems either inside or outside their perimeters. Instead, all people and devices must be verified before access is granted. To the untrained eye, this seems untenable. How, in this day and age, when we depend on digital information and connection to do most anything, can we use a process where we have to constantly verify identity and access permissions? Luckily, the practice of zero trust is more sophisticated than its premise.
With a number of high-profilesecurity hacks involving widely used software, government agencies are retraining their focus on their organization's security measures and those of the vendors and service providers that work with them. This shift in focus was actually on the rise before the recent hacks in anticipation of cyberattacks just like the ones we've recently seen.
In January of 2020, the Defense Department implemented the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. Contractors have always been held responsible for implementing and documenting their IT systems' security that touch sensitive government data. Under CMMC, this continues, but adds the need for a third party to assess the contractor's compliance.
From time to time GovEvents will come across information we feel our members and audience would benefit from. Here's something we wanted to share:
Ticket holders for the annual Coachella Valley Music and Arts Festival who are looking forward to spending two weekends in the California desert with some of the biggest names in music may have had their anticipation dampened by a bit of bad news from festival organizers last week. "We recently discovered that unauthorized third parties illegally gained access to the usernames, first and last names, shipping addresses, email addresses, phone numbers, and dates of birth individuals provided to Coachella," read an email from the festival. "We have taken measures to block further unauthorized access, and reported the matter to the appropriate authorities for further investigation." Continue reading →