With massive breaches involving SolarWinds, Microsoft Exchange and the Colonial Pipeline taking place in recent months, it’s become obvious that additional focus is required on our cybersecurity posture as a nation. To that end, on May 12 President Biden signed an Executive Order (EO) to improve cybersecurity standards and our response to cyber threats.
The focus of the EO is on Federal agencies and the private contractors they work with, but it also encourages private-sector organizations to follow its lead. Here are a few highlights of the EO, and what they might mean to your business.
What’s in the Executive Order on Cybersecurity
Sharing information: The EO aims to break down contractual barriers to the sharing of relevant information, a vital step in an improved cyber posture. IT service providers will not only be able to share information but will be required to share news of any breaches that might affect government networks. Almost every private company can do a better job of sharing threat-related information across all departments as well.
Modern approaches: This part of the EO attempts to bring government entities up to what many IT professionals consider bare-minimum standards. These include procedures like encryption, multi-factor authentication (MFA) and better security of cloud services. Again, the government should be doing things like these – and more – at a minimum, and so should your business.
Incident response: Also in the EO is a mandate for the creation of a guide to be used during a cyber incident. Having a plan ready before a disaster strikes results in swifter action and, often, less damage. Your business should also have an incident response plan, developed in careful coordination with your IT professionals.
Detection and response: Endpoint detection and response (EDR) will be implemented in all federal networks. This is a proactive way to monitor for malicious activity and identify threats quickly, and it is important for your business as well. As one of our vendors puts it, “If ‘proactive detection, cyber threat hunting, containment and remediation’ are important enough terms to be penned on the President’s desk, it’s absolutely worth incorporating” into your own cyber strategy.
The bottom line for any company is that if hackers can breach the Colonial Pipeline and Microsoft, they can get to your organization. President Biden’s Executive Order makes it clear that cybersecurity demands a higher priority at the government level, and it surely does in the private sector as well.
Questions about your cybersecurity picture? Contact Hill Tech Solutions.