2020 certainly has shown us the importance of cybersecurity and how vulnerable our systems can be in a 100% virtual world. Without a doubt, 2021 will continue to bring various challenges when it comes to keeping your organization’s data safe online.
Here are six areas of cybersecurity to stay alert for this year:
- Continued Phishing Attempts: Phishing attempts are continuously being refined, as hackers devise sophisticated ways to intrude into organizations. One of the most common examples is email impersonation. Attackers are learning how to analyze a corporate hierarchy and forge emails in an executive’s name. Pay close attention to the sender’s email address to ensure that it came from your organization.
- Remote Work Safety: A large portion of United States workers are still working from home, and these individuals will be the focus of cybercriminals. Whether due to a lack of physical security in remote workers’ homes or other locations, or to the use of personal devices, remote work is not always secured the same way it would be if the employee were on-premises. The safety of remote workers should continue to be a major focus for organizations.
- NIST 800-171: If your organization handles government-controlled unclassified information (CUI) or works with the US Government, note that the new Interim Rule change to the DFARS went into effect on November 30, 2020. Contractors now have contractual obligations to meet DFARS 252.204-7912 (DoD) and NIST SP 800-171r1 or FAR 52.204-21 (Federal). Prime contractors flow down the requirements to partners and subcontractors.
- CMMC Assessment & Mitigation: If your company is on a DoD contract, you will be held accountable for security assessments under the Cybersecurity Maturity Model Certification (CMMC) program. While the Government will take through 2025 to completely roll out the program, the requirement has already started to appear in DoD contracts. Many Prime Contractors have begun to levy the requirements on their subcontractors as the rule applies to both Primes and Subcontractors.
Learn more about specific requirements of the NIST 800-171 & CMMC and how Braxton-Grant can help here.
- Cloud Security Breaches: Due to the remote and hybrid IT environments in today’s corporate world, cloud security breaches are currently at an all-time high. In fact, a study by Rebyc found that 35 percent of companies surveyed said they plan to accelerate workload to the cloud in 2021. Threats such as account hijacking, data breaches or insecure application programming interfaces (APIs) can compromise your cloud systems.
- Online Cybersecurity Training: With work-from-home trends not slowing down anytime soon, cybersecurity training is being addressed remotely and online more than ever, and there is a good possibility this transition is here to stay. Stay alert for videos, live webinars, or one-on-one virtual meetings with cybersecurity experts without having to leave your desk.
Check out the remote training Braxton-Grant conducts with various partners here.
While the range of possible cybersecurity threats can be daunting, the best solution is to be proactive now and assess your organization’s cyber hygiene. A basic cybersecurity assessment can indicate whether your business has a strong cybersecurity posture to meet existing and future customer, industry, and government security requirements. Every company with an information technology system needs good cyber hygiene, regardless of whether it has a government requirement for certification. Braxton-Grant offers cybersecurity assessments tailored to your specific needs.
We can provide:
- A cybersecurity health grade.
- Guidance to understand current security risk.
- Recommendations for improvement through a Hygiene Assessment Report, customized to your environment.
- Mapping to key cybersecurity frameworks and controls (e.g. NIST SP 800-171, NIST SP 800-53, CIS 20, GDPR, and HIPAA).
For government contractors, we also offer NIST 800-171 and CMMC Assessments.