WithSecure, Biden Officials Pressed By Lawmakers On Cyber Reporting Legislation

By ISBuzz Team
Writer, Information Security Buzz | Nov 17, 2022 04:36 am PST

Following the news that Biden’s officials are being pressed by lawmakers on cyber reporting legislation as overseas threats and ransomware evolve, information security experts react below.

Paul Brucciani, Cyber Security Advisor
InfoSec Expert
November 17, 2022 12:39 pm

Forcing organisations to report is a useful stick to make them get their cyber security house in order. When implemented, this Act will provide a higher quality of data to drive national security policy-making. Organisations that are concerned about whether an incident is ‘significant’ should control the language used to talk about it; only calling it an incident when they are certain that is the case.

To avoid this situation, organisations should minimise the number of internet-facing assets; close unneeded open ports; identify all physical and digital elements that are accessing the network; and identify and prioritise for remedial action the vulnerabilities within your internet-facing software.

Residual risks can be managed by implementing appropriate security policies, proactive detection and response to threats and regular testing and validation of their security incident response plan.

Since phishing accounts for 90% of all data breaches, organisations should conduct regular employee training on phishing awareness; implement multi-factor authentication where they can, or enforce strong passwords where they can’t.

Last edited 9 months ago by Paul Brucciani
