Navigating the National Cybersecurity Strategy: A Guide for Your Business

As our digital world keeps evolving, the importance of cybersecurity in our daily lives continues to grow. With cyber-attacks becoming increasingly sophisticated, being proactive and implementing a multi-layered security strategy is essential. At Veritas, we're dedicated to keeping you informed about the latest cybersecurity strategies and best practices to ensure your organization stays protected and resilient.

The Biden-Harris Administration's National Cybersecurity Strategy is a significant step towards enhancing cybersecurity across public and private sector organizations and expanding beyond front-line security protocols. This comprehensive strategy focuses on increasing responsibility, sharing the burden, and creating a united front against cybersecurity challenges, particularly the rising threat of ransomware. In this guide, we'll explore the highlights, and how this strategy might impact your business and cybersecurity measures.

Emphasizing Resiliency Best Practices

One of the major takeaways from the March 3rd cybersecurity report is the need to make resiliency best practices mandatory for organizations. Alongside the report, acting National Cyber Director Kemba Walden held a press conference to discuss the objectives of the National Cybersecurity Strategy. Kemba shared her perspective that nicely summarizes the key takeaways, "Our ultimate goal is a digital ecosystem that is more inherently defensible, resilient, and aligned with our values. And what do I mean by that? Defensible means that we’ve tipped the advantage from the attacker to the defender by designing systems where security is baked in, not bolted on. Resilience meaning that when defenses fail, which they sometimes will, the consequences are not catastrophic, and recovery is seamless and swift. Cyber incidents shouldn’t have systemic real-world impacts."

For me, this quote encapsulates some of the crucial takeaways from the National Cybersecurity Strategy, the major one being a shift to resiliency best practices. The reality of today is that cyber criminals are often getting past even the best front-line defenses. If businesses were prepared to be resilient, with additional tactics in place to reduce attack surface, optimize for recovery and protect data, then an attack is not catastrophic! As we mentioned in our earlier blog, "Cybersecurity Hygiene Top of Mind Following White House Memorandum," building systems with the zero trust posture and security integrated from the start (not added later) is crucial for effective protection against cyber threats. This includes using multi-factor authentication, segmenting networks, and implementing immutable storage—all effective ways to prevent and be resilient from ransomware attacks.

The Shift in Shared Responsibility for Data Protection

It's essential for businesses, especially large enterprises driving innovation to take more responsibility and not rely solely on regulations and developers. This brings us to the second important insight from the National Cybersecurity Strategy, which highlights the shift in shared responsibility for data protection. It places more focus on technology developers as well as people and processes. In my opinion, this is a great point, as it includes implementing proper access controls and regularly conducting vulnerability assessments.

Increasing Accountability for Data Stewards

As a data resiliency enthusiast, the National Cybersecurity Strategy's third key takeaway really resonates with me. It stresses the importance of data stewards being more accountable in safeguarding all types of data, particularly sensitive information such as trade secrets, intellectual property, and Personal Identifiable Information (PII). In our previous blog, "Why You Should Be Worried About Uber's Security Breach," we discussed the severe consequences of data breaches, including financial penalties and reputational damage. This highlights how crucial it is to take data protection seriously.

Strengthening Public-Private Partnerships for Cybersecurity

The strategy also recognizes the importance of enhancing public-private partnerships to improve cybersecurity. At Veritas, we advocate for the zero-trust security model, which helps minimize the risk of cyber-attacks by limiting access to sensitive information and continuously verifying trust in all devices, applications, and users.

The Biden administration supports legislative efforts to limit the collection, use, transfer, and maintenance of data, including sensitive business data. Noncompliance may result in significant consequences for businesses, such as financial penalties and reputational damage. Therefore, it's crucial for businesses to identify and manage sensitive data to avoid potential compliance issues. This includes establishing data protection policies and procedures and implementing minimum cybersecurity measures for critical infrastructure.

Conclusion

In conclusion, the launch of the Biden-Harris Administration's National Cybersecurity Strategy is a positive,  and in my opinion, a mandatory step towards improving cybersecurity across public and private sector organizations. As the saying goes, "Cybersecurity is a team sport." There's no way we can win against advanced hackers without working together. It's encouraging to see this conversation come to the forefront, and I'd like to see it strengthened even further. By emphasizing resiliency best practices, shared responsibility, and increased accountability for data stewards, businesses can better protect themselves against cyber threats and prepare for potential data regulations.

At Veritas, we remain committed to helping our customers stay protected and resilient in this ever-evolving digital landscape. We offer so much more than data protection and management solutions, with a security mindset at the core of everything we do. We help organizations implement effective resiliency best practices, including IAM (Identity and Access Management) like multi-factor authentication and role-based access controls, data encryption, immutable storage, and turn-key isolated recovery environments (to name a few) to protect against ransomware attacks. Additionally, we help our customers set up non-disruptive recovery rehearsals to limit downtime and reduce the impact of an attack. We also provide powerful solutions like AI-powered anomaly detection and malware scanning to monitor and notify when out-of-the-ordinary events occur in your environment. We also provide educational resources and training to our customers to help you stay up-to-date on the latest cybersecurity strategies and best practices.