HomeCII/OTCMMC: Starting Point, Not the Endpoint

CMMC: Starting Point, Not the Endpoint

Published on

spot_img

The recent years have shown that companies in the defense industrial base and those providing critical infrastructure are being targeted by nation-state threat actors. Many federal agencies have been urging companies to enhance their cybersecurity measures, and now the Department of Defense has introduced the Cybersecurity Maturity Model Certification (CMMC) as a strict mandate to address these threats.

While achieving adherence to CMMC certainly makes companies a harder target, it does not guarantee safety from advanced threat adversaries like China’s PLA Unit 61398. Compliance with CMMC is a step forward, but true cyber threat protection and resilience requires a proactive and continuous approach to cybersecurity operations.

A cybersecurity veteran with 30 years of experience emphasizes that policy, controls, and secure configurations continuously deteriorate due to other business priorities and IT entropy. Establishing a strong policy and control structure is crucial, but the pace of IT change and the need for businesses to prioritize speed and efficiency often leave gaps for attackers to exploit.

To address this, companies must adopt a Harden-Detect-Respond (HDR) mindset and operational capability. This approach involves proactively identifying, fixing, and returning IT and operational weaknesses to a hardened state, immediately detecting and investigating possible intrusions, hunting and rooting out embedded threats, and quickly containing, mitigating, and responding to incidents.

CMMC and NIST 800-171 mandate most HDR capabilities, but the rigor and depth in realizing them can make the difference between vulnerability and resilience. There are seven critical HDR practices that can help companies achieve resiliency and protection from cyber threats.

Firstly, hardening people through security awareness training can reduce the risk of employees falling prey to phishing and other social engineering attacks. Secondly, hardening IT and cloud infrastructure by conducting routine vulnerability scanning and cloud security posture assessments can help prioritize fixing vulnerabilities and weaknesses most likely to be exploited.

Next, hardening endpoints through properly configured modern endpoint protection and visibility is crucial, as they form the perimeter of a company’s defenses. Moreover, increasing visibility into the IT and cloud environment is essential to detecting threat tactics, techniques, and procedures (TTPs) and deploying advanced detection solutions.

Companies also need to proactively hunt for threats as many are compromised without realizing it, and they must have the capability to investigate and respond to threats 24×7. Prioritizing HDR operations is critical for defense and critical infrastructure companies to protect their inventions and operations from advanced threats.

In conclusion, while CMMC compliance is an essential step, companies need to go beyond this to protect themselves. By prioritizing HDR operations and embracing a proactive and continuous approach to cybersecurity, companies can reliably detect and deter nation-state cyber threats.

Overall, companies in the defense industrial base and critical infrastructure must take these necessary steps to ensure they are resilient and protected from the sophisticated cyber threats they face.

Source link

Latest articles

Parrot 7.3 Released with New Menu System and Improved Daily Usability

Parrot 7.3 Released: A Focus on Refinement and Usability In a strategic move, the Parrot...

How Renown Health Is Transforming Its Digital ID Strategy

Renown Health Innovates Digital Identity Management with Advanced Security Measures Renown Health, a prominent not-for-profit...

Medtronic Breach Affects 3.8 Million Individuals

Medtronic, one of the leading medical technology manufacturers globally, has recently taken steps to...

Ransomware Groups Adopt Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Anubis Ransomware Operation: Exploiting Vulnerabilities for Malicious Gains The Anubis ransomware operation has recently been...

More like this

Parrot 7.3 Released with New Menu System and Improved Daily Usability

Parrot 7.3 Released: A Focus on Refinement and Usability In a strategic move, the Parrot...

How Renown Health Is Transforming Its Digital ID Strategy

Renown Health Innovates Digital Identity Management with Advanced Security Measures Renown Health, a prominent not-for-profit...

Medtronic Breach Affects 3.8 Million Individuals

Medtronic, one of the leading medical technology manufacturers globally, has recently taken steps to...