MathCraft Newsletter Issue Q2 2022 – Associate Member of NCMS
Braving the Coming Cyberwar
We’re just a few months into 2022, and war has broken out in Europe: in response, America’s federal agencies are scrambling to enforce cybersecurity laws, while Congress is hard at work passing new ones.
These are perilous times indeed for FSOs, CSOs and other security professionals working in the heart of America’s most sensitive facilities: here at MathCraft, we offer our steadfast support, bringing you the latest national security news along with the industry standard for enterprise security software.
Cyberwar with Russia?
During Russia’s very real war with its neighbor, hackers within Ukraine and outside it have been gearing up for cyberwar. Now – following U.S. sanctions against Russia – many have worried about the possibility of direct attacks on America’s critical infrastructure, with the White House warning that the adversary has explored “options for potential cyberattacks” based on “evolving intelligence”.
So far, however, malicious cyberactivity has been conspicuously absent from Russia’s tactics, and some wonder if the country is holding back: it certainly has the capabilities to mount a cyber assault against NATO and NATO-aligned countries, based on previous attacks of suspected Russian origin, including the SolarWinds hack.
While the conflict carries on – and while talks of peace fail to materialize – FSOs should be prepared for every possible outcome. From the consensus of U.S. intelligence officials, it is more likely than not that cyber tactics will eventually play a part in this conflict, and that cleared organizations will be caught in the crossfire.
The Evolution of Insider Threats
With experts estimating that two out of every three data breaches are caused by insiders, insider threats remain a major concern for cleared organizations, demanding constant vigilance and alertness from FSOs and other security officers. According to a recent report from Ponemon Institute, the average cost of insider threat events has climbed 34% since 2020, reaching a new height of $15.38 million in 2022.
While the majority of insider threat events are caused by accidental misuse of data or employee negligence, malicious insiders incur higher costs per incident – and alarmingly, insiders are increasingly recruited by outside actors. Recently, the Lapsus$ ransomware gang – responsible for hacking Samsung – has been openly recruiting insiders from major tech companies like Microsoft via its public communication channels.
This level of open recruitment for trusted insiders is unprecedented, suggesting that the practice is becoming more common and effective with time.
To learn more, check out How Insider Threats Are Evolving in 2022
Defending Against Cyberattacks
Preventing and responding to cyberattacks requires the cooperation of everyone in your cleared facility, and there are many ways that FSOs can start playing their part right now:
To learn more, check out Defending Against Cyberattacks: The FSO’s Perspective
An Early Start on CMMC
The rulemaking process for the Cybersecurity Maturity Model Certification (CMMC) is expected to last for another 9-24 months – but due to the imminent need for increased security, the DoD is considering incentives to boost the number of early adopters. Consequently, organizations that are certified in 2022 may see their deadline for re-assessment extended to four years instead of the usual three.
Whether this happens or not, cleared contractors are well-advised to consider early adoption of CMMC and schedule their third-party assessment accordingly: aside from potential incentives, it will bring added protection and early eligibility for CMMC-based contracts. For further information and resources, visit the DoD’s official CMMC website.
To learn more, check out What’s New in 2022? Security Predictions for Cleared Facilities
How Insider Threats are Evolving in 2022
In the midst of a rising cybersecurity crisis, it’s worth keeping one thing in mind: the best way to infiltrate an organization is from the inside. With experts estimating that two out of every three data breaches are caused by insiders, insider threats remain a major concern for cleared organizations, demanding constant vigilance and alertness from facility security officers (FSOs).
The Log4Shell Exploit in Retrospect: 3 Takeaways for FSOs
The holiday seasons have become a perilous time for government agencies and cleared facilities: while everyone else is wrapping gifts, cyber actors are ramping up their malicious activities – and the 2021 holiday season was no exception.
What’s New in 2022? Security Predictions for Cleared Facilities
2021 was an eventful year for cleared facilities, bringing new federal security legislation driven by changing trends in technology and the workforce. With rising cybersecurity threats and international conflict on the horizon, 2022 is shaping up to be just as disruptive, and FSOs must be prepared.
MathCraft Security Technologies, Inc. is the leading provider of innovative software and technologies for Industrial Security professionals. Our tools are compliant with 32 CFR Part 117, NISPOM Rule and are available on-premises or in the cloud. Contact us today to see how our products can transform your security operations!
NCMS Endorsement/Disclaimer Statement: References to commercial products, processes, or services do not necessarily constitute an endorsement by NCMS Inc. The opinions and views expressed on this email and on any linked web sites do not necessarily reflect those of NCMS.