The Top Four Things Tech Manufacturers can do to Bolster the Cybersecurity of Target-Rich, Cyber-Poor Organizations

Schools, municipalities, and non-profit organizations contribute to flourishing communities by supporting civic life and democratic processes.
In many cases, they need someone with training and expertise to implement mitigations and securely configure products- a resource they can't always afford.
To make true progress in securing the organizations that lead to flourishing communities, technology manufacturers should keep the context and constraints of these end users in mind and ensure that organizations with varying levels of resources and technical expertise can deploy products securely.
The organization may not have a dedicated full-time Chief Information Security Officer, or even an Information Technology Director.
Products should be securely configured out of the box so that the burden isn't on non-IT personnel to implement configurations correctly.
When serving K-12 institutions, you are serving an organization with users that are just learning their ABCs.
This should be reflected so that anyone can use a product securely without needing to be a cybersecurity expert.
Security is often not their primary focus or motivator.
Take CISA's Secure by Design pledge to commit to building products that have security from the start and available out of the box.
Make it easy to use technology products securely for users of all skill level.
Not every organization has a dedicated full-time CISO, IT Director, or even a team member with the technical background to understand a product's security controls and their impact on the organization's digital ecosystem.
Industry should include a Customer Responsibility Matrix and simplified instructions as part of a product offering and implementation.
This is a requirement in StateRAMP's security package for StateRAMP Ready and StateRAMP Authorization, as security relies on shared responsibilities.
Ideally, end users shouldn't need to take any steps to use a product securely.
Consider reviewing hardening guides to lift the burden from users by making secure configurations the default.
Contribute time and technical expertise to programs that support the cyber readiness of schools, municipalities, and non-profits.
Industry subject matter experts can advise under-resourced organizations on cybersecurity best practices through participation in cyber volunteer programs.
Industry can also participate in programs, such as StateRAMP, Multi-State-Information Sharing and Analysis Center, NetHope, and others that provide shared resources to state, local, educational, and non-profit organizations.
CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services referenced or linked to on this page.
Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA..


This Cyber News was published on www.cisa.gov. Publication date: Thu, 09 May 2024 16:13:06 +0000


Cyber News related to The Top Four Things Tech Manufacturers can do to Bolster the Cybersecurity of Target-Rich, Cyber-Poor Organizations

Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
7 months ago Feeds.fortinet.com
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
1 year ago Bleepingcomputer.com
Cybersecurity Training for Business Leaders - This article explores the significance of cybersecurity training for business leaders and its crucial role in establishing a secure and resilient business environment. By examining the key components of effective training programs and the ...
11 months ago Securityzap.com
Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
1 year ago Securityweek.com
ISB Cybersecurity Awareness Month: Expert Tips - Information Security Buzz spoke with several security experts and asked them, “What’s the one piece of advice that could make a difference?” Their responses highlight that cybersecurity is not one-size-fits-all—each organization must tailor ...
2 months ago Informationsecuritybuzz.com
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help - Cyber Defense Magazine - To prepare themselves for future attacks, organizations can utilize BAS to simulate real-world attacks against their security ecosystem, recreating attack scenarios specific to their critical infrastructure sector and function within that sector, ...
2 months ago Cyberdefensemagazine.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
11 months ago Scmagazine.com
Meet Your New Cybersecurity Auditor: Your Insurer - As businesses deal with the fallout of massive ransomware waves, from Lapsus$ to Cl0p/MOVEit, an unlikely new entity is joining the regulatory bodies to raise the bar for cybersecurity: the cyber insurer. Their coverage requirements and ...
1 year ago Darkreading.com
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
1 year ago Feeds.dzone.com
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
10 months ago Securityzap.com
The Top Four Things Tech Manufacturers can do to Bolster the Cybersecurity of Target-Rich, Cyber-Poor Organizations - Schools, municipalities, and non-profit organizations contribute to flourishing communities by supporting civic life and democratic processes. In many cases, they need someone with training and expertise to implement mitigations and securely ...
7 months ago Cisa.gov
5 Ways to Counteract Increasing Cyber Insurance Rates - Despite this threat, only 55% of organizations have some form of cyber insurance, and only 19% have coverage for cyber events beyond $600,000. As the cybersecurity landscape continues to evolve, businesses must carefully evaluate their risk exposure ...
10 months ago Cybersecurity-insiders.com
Tracking Cybersecurity Progress at Industrial Companies - Although cybersecurity has become a priority at many manufacturing companies, risks have increased at the same time. To better understand how companies are addressing heightened risks, Manufacturers Alliance and Fortinet partnered to study the ...
1 year ago Feeds.fortinet.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
10 months ago Cyberdefensemagazine.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
Does Pentesting Actually Save You Money On Cyber Insurance Premiums? - Way back in the cyber dark ages of the early 1990s as many households were buying their first candy-colored Macintoshes and using them to play Oregon Trail and visit AOL chat rooms, many businesses started venturing into the digital realm as well by ...
1 year ago Securityboulevard.com
Three Key Threats Fueling the Future of Cyber Attacks - Improvements in cyber security and business continuity are helping to combat encryption-based ransomware attacks, yet the cyber threat landscape is continually evolving. Protecting an organization against intrusion remains a cat and mouse game, in ...
8 months ago Cyberdefensemagazine.com
Cybersecurity Tops 2024 Global Business Risks - The newly released Allianz Risk Barometer revealed that Cyber incidents such as ransomware attacks, data breaches, and IT disruptions are the biggest worry for companies globally, as well as in the United States, in 2024. The 13th annual business ...
10 months ago Cybersecurity-insiders.com
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities - SUMMARY. The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, and the Israel National Cyber Directorate-hereafter referred to as "The authoring agencies"-are ...
1 year ago Cisa.gov
How to Keep Cyberattacks From Taking Off - COMMENTARY. Over the last three years, the global aviation industry has been left reeling by a post-pandemic sucker punch that hit the sector with over $185 billion in losses. Once a bastion of American prosperity, airlines were forced into survival ...
1 year ago Darkreading.com
Smashing Security Podcast Episode 306: What is the State of Cyber Security in 2020? - The recent pandemic has created a need for businesses to invest in cybersecurity more than ever. The popularity of digital communication and remote access has exposed organizations to more cybersecurity threats than ever before. Graham Cluley’s ...
1 year ago Grahamcluley.com
Strategy, Harmony & Research: Triaging Priorities for OT Cybersecurity - The mission of the Cybersecurity and Infrastructure Security Agency is to lead the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. CISA is not responsible ...
1 year ago Darkreading.com
Cyber Security Managed Services 101 - Benefits of an MSP. Maximizing efficiency. Cyber threats and cyberattacks like ransomware targeting SMBs continue to increase in part because malicious actors realize these organizations don't have the means or manpower for security teams. Even ...
1 year ago Trendmicro.com
Business Cybersecurity Culture: Building a Secure Workforce - To protect their operations and sensitive data, organizations must prioritize the development of a strong cybersecurity culture within their workforce. In this discussion, we will explore the crucial elements of a robust cybersecurity culture and ...
10 months ago Securityzap.com
The Importance of Cybersecurity Education in Schools - Cybersecurity education equips students with the knowledge and skills needed to protect themselves and others from cyber threats. Cybersecurity education can teach students about the impact of cyberbullying, how to prevent it, and how to respond ...
1 year ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)