Committees are a common thing. Whether we are talking about ones created for important tasks like proposing new legislation or the party planning committee at the office, it can be considered a regular solution to addressing a myriad of issues.
Here’s what isn’t common – the creation of an entire agency.
You may already know a little bit about CISA (Cybersecurity and Infrastructure Security Agency) or their new appointment of Jen Easterly. However, it can undoubtedly be a little much to understand.
CISA?
As noted above, CISA stands for Cybersecurity and Infrastructure Security Agency. Founded in 2018 and as per Politico “[CISA] is roughly a 2500-person DHA agency responsible for protecting federal networks and offering security advice to critical infrastructure operators, small businesses, and local governments.”
Like any fledgling agency, it seems like they have a few kinks left to work out, but we firmly believe it has a promising future. With the right funding, personnel, and information CISA hopes to get this rampant world of cybercrime under control.
Getting cybercrime under control is a big ask but there are more than a few things CISA plans to do that could benefit us all. One big item they intend to address is the development of best practices when it comes to cyberattacks, and more specifically ransomware. At Vodigy, we pride ourselves on being up to date on the latest security practices, however not everyone possesses or has access to the right tools. If CISA were to develop a concrete system of best practices, more businesses would have access to the proper tools and information to keep them protected or to help recover data in the event of a loss.
Another item on CISA’s agenda is to set up a system of mandated reporting for cybercrime attacks. We know you may have had a knee-jerk reaction to the word ‘mandated’ but let us try to look at it in a positive light. With mandated reporting comes a ton of data and data is exactly what we need to come up with a successful strategy against cybercrime. As well, with mandated reporting CISA can help from the get-go.
During the Colonial Pipeline ransomware attack, CISA was not notified until later in the fight. If mandated reporting were in place, CISA would have been there from the beginning to help manage the attack and the proceeding negative outcomes.
Who is Jen Easterly?
Have you checked out her LinkedIn? We imagine most of us in Minnesota would respond with something similar to ‘Uff da! Now that’s a resume’! In the absolute least, we can say is she appears to have an excess of necessary skills and experience to steer CISA in the right direction. Especially after the eight-month leadership void that occurred after the firing of Christopher Krebs.
A ringing endorsement for Easterly comes from right here in the Midwest. Wisconsin lawmaker Mike Gallagher described Easterly as having ‘qualifications [that] are well above and beyond those stipulated by the law…Her background is incredible’.
Comments stemming from both Easterly herself and the press seem to indicate that Easterly is ready to hit the ground running. At Vodigy, we are excited to see how her vision for CISA pans out during her time as a leader.
I have an SMB, so what does this mean for me?
In short, it may take a while but SMBs can look forward to various improvements in the battle against cybercrime. Whether it is from improved security measures or an entirely new method, these benefits will eventually trickle down.
It is worth mentioning again that one of Easterly’s plans is putting mandatory cybercrime incident reporting in place for all organizations be it federal or private. This will be beneficial in many ways. With CISA being informed of security breaches at the beginning not only are they able to lend a hand from the start but they will also have access to tools or advice that the attacked company may not. In the end, that can make the difference between coming from an attack relatively unscathed or in the worst-case scenario: losing your company altogether.
An additional benefit of CISA being involved from the beginning is just simply being able to nip cybercrime in the bud. If CISA is notified in a timely manner, they might be able to lessen the effects of the attack on subsidiaries or partnering businesses or negate them altogether. This will help protect your company from suffering a similar fate, especially with so many SMBs who do business with large market players.
Hey there, it’s Vodigy
We have said this many times and we will say it again – being prepared is the best way to stay protected. Cybercrimes never occur on a schedule or when it is convenient for your business to have a crisis. Take a few moments to reach out to Vodigy and schedule your free technology assessment.
Are you ready to Unleash the Power of IT?
