Cybersecurity Compliance: Expert Tips from the former CIO of the CIA

January 8th, 2021

Today, increasingly more companies are being asked by their partners and customers to assess their cybersecurity based on industry and government standards; however, many are finding that they are unprepared to assess their cybersecurity and are unaware of whether their practices will consistently be compliant with guidelines.

Recently, Defendify interviewed Alan Wade, the former Chief Information Officer (CIO) of the U.S. Central Intelligence Agency (CIA), to address the issue of compliance and clear up some of the unknowns that many businesses have.

Alan explained which security standards to watch for, and which resources, processes, and frameworks can help satisfy compliance requirements. He also shared insights on recent threats facing businesses of all sizes, and tips on how small and mid-sized businesses can strengthen their cybersecurity posture.

The biggest cybersecurity challenges facing small and mid-sized businesses today are the same ones facing large enterprise businesses.

Smaller businesses do not have the staff that large enterprises have. So, sadly, whether you are a small enterprise or a large one, you have to deal with the same big issues.

3 issues small and mid-sized businesses should be aware of:

  • Ransomware, a problem that everyone from small businesses to the government faces.
  • Insider threats, from employees who, intentionally or mistakenly, cause a cyber incident.
  • Patching, a crucial aspect of a strong cybersecurity posture that organizations often overlook or are slow to execute.

Bad actors reverse-engineer patches and updates as soon as they are released, so that they can attack organizations that have not yet installed the updates that fix the vulnerabilities.

Presentation attendees reported that the cyberthreats they face are becoming increasingly challenging. In a poll, 91% of attendees responded that the cyberthreats facing their company were becoming "more challenging" rather than staying the same or lessening.

3 Tips to boost cybersecurity strength:

Alan Wade shared the following tips for small and mid-sized companies to help them strengthen their cybersecurity posture and comply with security guidelines.

1) Company leadership needs to focus on cybersecurity issues.

Cybersecurity is a strategic component of business operations, needed to prevent the extensive damage that a cyber incident can cause. It is crucial that company leadership build an understanding of their current cybersecurity posture and work with their teams to ensure a strong, ongoing cybersecurity program.

2) Understand which of your assets need to be protected.

Every business should know exactly which of its assets must be protected and secured. Start with intellectual property, human resources data, and customer data, then look at data being exchanged with outside applications and groups.

3) Put in place a risk management system for assets needing security.

While there is no way to ever be 100% secure, it is imperative that, once you know which assets need to be secured, you understand the steps needed to keep them secure over time.

To learn more about how common compliance regulations like CMMC, PCI, GDPR, and HIPAA are evolving, and to better understand the risks of non-compliance, watch the full Alan Wade interview at www.defendify.io/cia.