READ TIME: 4 MIN
Cybersecurity as a Matter of National Security
Business security, energy security, food security…national security. All one in the same.
While Iowa grain co-op, New Cooperative, may seem far removed from the capital of the U.S. government, a ransomware attack threatened food security of people in the Midwest. The event is not just a concern for local residents; the cyberattack, and its implications, are a concern for everyone across the nation.
A few months before the $5.9 million attack on New Cooperative, the world’s largest meatpacker based in Brazil, JBS, experienced a ransomware attack that disrupted meat production in North America and Australia during the height of grilling season. Prices of U.S. beef shipped to wholesale buyers increased more than 1%, according to USDA.
And it’s not just the agricultural sector that cybercriminals can target to cripple U.S. national security. In May, another ransomware attack hobbled Colonial Pipeline, interrupting fuel service for six days to large sections of the east coast. The oil pipeline finally paid $4.4 million for the decryption key.
Furthermore, certain industries are more heavily targeted for their widespread effects on broader swaths of the U.S. population. Markets with essential services face more threats and harbor greater responsibility in shoring up vulnerabilities.
Here are the top 10 most targeted industries and their most common form of cyberattack in 2020, according to 2021 X-Force Threat Intelligence Index.
Top 10 Industries Targeted in 2020*
Most Common Attack Per Industry in 2020*
Server access attacks
Business Email Compromise
Data theft and leaks
5. Professional Services
Malicious domain name system (DNS) squatting
Malicious insider or misconfiguration
Spam or adware
- IT service providers must inform the government of cybersecurity breaches that could impact U.S. networks.
- A standardized playbook outlines a predetermined set of federal responses to cyber incidents.
- The Federal Government must modernize its cybersecurity infrastructure through cloud services and zero-trust architecture, mandated multifactor authentication and encryption, robust endpoint detection and response, and consistent event logging practices.
- Software developers must share certain security data publicly and must meet baseline security standards before the software can be sold to the government.
- A Cybersecurity Safety Review Board, comprising government and private sector officials, may convene after a cyberattack to analyze the event, its causes, and impacts, and make recommendations to further improve the nation’s cybersecurity.
Cybersecurity is so important that the President of the United States is making sweeping Executive Orders to improve it.
If the United States has a multilayered approach to protecting the nation’s cybersecurity and cyber resilience, shouldn’t your business have a plan?
Here’s a list of effective tactics to build your business’ multilayered cybersecurity:
- Endpoint Detection and Response
- Windows Patching and Third-Party patching
- Cloud Email Security per User
- Cybersecurity Health Check and Review
- Security Awareness Training
- DNS Security
- Incident Response and Remediation
- Vulnerability Scans of Network Edge
- Security Information and Event Management (SIEM)
- Event Log Correlation and Aggregation
- 24/7/365 Monitoring