2021 was a big year for cybersecurity — and not in a good way.
Ransomware volumes reached record highs last year, with cyberattacks seeing an increase in the triple digits. High-profile attacks like Colonial Pipeline, Volkswagen, and JBS offered a sobering window into cybercrime’s capacity for harm. More importantly, they spotlighted the need for better cybersecurity oversight, policy, and legislation.
It is a need that the White House appears to understand. In response to a constantly evolving threat landscape, President Biden issued a series of executive orders which aimed to improve cybersecurity in the following ways:
● Facilitate better sharing of threat information between the public and private sectors.
● Modernize the US federal government’s infrastructure, processes, and practices.
● Improve supply chain security in the public sector.
● Establish a cyber safety review board.
● Define a standardized cybersecurity incident response playbook.
● Improve detection, investigation, and remediation of digital threats.
Alongside this executive order, the Biden presidency invested a great deal into cybersecurity over the past year. Biden’s COVID relief plan, for instance, included over $10 billion in funding for cybersecurity and IT. More recently, the White House’s $1 trillion infrastructure bill added another $1.9 billion to its security budget, at least $500 million of which will go to the Cybersecurity and Infrastructure Security Agency (CISA).
More Effective Threat Management
Congress also introduced more than seventy new cybersecurity bills in 2021 — many of which focused on incident reporting and response.
Currently, incident reporting within the public sector is primarily voluntary. By adding centralized oversight, the federal government improves visibility and accountability across its ecosystem. It is also able to mobilize its full resources when responding to attacks.
There are several acts that play a key role in this initiative:
● The Cyber Incident Reporting Act. Establishes clear timelines for incident disclosure.
o Owners and operators of critical infrastructure must report cybersecurity incidents to the CISA within 72 hours.
o If an organization pays ransomware distributors, they must report the event within 24 hours.
● The Federal Information Security Modernization Act. Requires federal civilian agencies to report breaches to the CISA, ensuring it can take the lead in incident response. Also requires the government to disclose data breaches to the American public.
● The CISA Leadership Act. Requires that the CISA director is both presidentially nominated, and Senate approved for each 5-year term.
Promoting Better Information Sharing
The federal government recently passed two other particularly noteworthy pieces of legislation. First, as of October 20, 2021, the FCC must establish a permanent council to increase the security, resilience, and reliability of national telecommunications networks. Another law passed unanimously on November 3, 2021, requires the Small Business Administration to notify Congress of any security breaches that compromise sensitive information.
Better Insights, Better Data, Better Security
These sweeping measures are a step in the right direction. But they’re also only the first step. The government still has work to do if it is to remove information barriers between sectors, modernize its security, and improve its incident reporting. But given the commitment we’ve witnessed thus far, it’s less a question of if the White House’s security initiatives will succeed, but rather one of when.
To support your security program, you need to ensure you’re using the right tools. That’s where IRONSCALES comes in.
Email is the most common threat vector in the world, and one of the most overlooked. Email phishing is responsible for 70% of government breaches. With our self-learning, AI-driven email security solution, you can ensure your organization doesn’t become part of that statistic. We’ll help you stay secure, compliant, and productive, no matter what threats you may face.
To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today at https://ironscales.com/get-a-demo/.