As the CEO of a cybersecurity company, it’s important to stay informed--to know about breaking news, emerging threats, and rising trends to provide direction for the company and protection for our customers. One story that stood out to me last week was the news that CISA issued a new directive to federal agencies.
The mandate establishes an aggressive timeline for federal agencies to address known vulnerabilities in their environments. More importantly, though, the guidance will change how government agencies deal with cybersecurity moving forward and improve our ability to defend against attacks.
Better Security Today
It is a huge step in the right direction to draw a line in the sand and establish timelines for remediating vulnerabilities that are known to be actively exploited. Zero day exploits and advanced persistent threats are always a concern—but many attacks are more mundane. Many simply exploit known vulnerabilities, so patching or mitigating those vulnerabilities is essential.
It may seem like something that shouldn’t need to be stated, or that it should have already been established procedure. Ideally, all organizations—but especially government agencies—should have vulnerability and patch management systems in place. However, the IT infrastructure of the federal government is massive and legacy hardware and applications pose unique challenges that can make it difficult to apply patches in a timely manner. Without a deadline, tasks get pushed to the back burner and eventually forgotten until it’s too late.
This is a huge step forward for US government cybersecurity. Identifying and closing known gaps is necessary for effective security, and this directive will help reduce the attack surface and improve the security posture of government agencies.
Better Security In the Future
Beyond the immediate action to address vulnerabilities, though, the CISA directive also sets an expectation that things change and that federal agencies need to have processes in place to update and adapt over time.
It is significant—and crucial for effective cybersecurity—that CISA has specified that this is a continuous process. It is not just about a sprint to address current vulnerabilities—but about building a culture that recognizes that the cybersecurity landscape is continually shifting and establishing an expectation that organizations will continue to identify and address issues moving forward.
This is an important piece of the broader push to modernize our cyber defenses. It reduces exposure to known risk, but there are other elements that are just as vital—if not more so. The order by the Biden Administration for federal agencies to deploy Endpoint Detection and Response (EDR) solutions is essential as well—moving government agencies off dependence on legacy tools that are ineffective against today’s threats.
Threat actors love to target low-hanging fruit by exploiting known vulnerabilities. Vulnerability and patch management alone are not enough, though, because they are also constantly innovating new tools and techniques to target emerging technologies and platforms and circumvent security.
Cybersecurity is national security. We have seen the lines blur as nation-state attacks sometimes impact private companies, and cybercrime sometimes affects critical infrastructure. Hopefully, this move by CISA will have the desired effect, and the government will continue to push the envelope and focus resources on improving our cyber defenses.
About the Author
Lior Div, CEO and co-founder of Cybereason, began his career and later served as a Commander in the famed Unit 8200. His team conducted nation-state offensive operations with a 100% success rate for penetration of targets. He is a renowned expert in hacking operations, forensics, reverse engineering, malware analysis, cryptography and evasion. Lior has a very unique perspective on the most advanced attack techniques and how to leverage that knowledge to gain an advantage over the adversary. This perspective was key to developing an operation-centric approach to defending against the most advanced attacks and represents the direction security operations must take to ensure a future-ready defense posture.