WithSecure, Biden Officials Pressed By Lawmakers On Cyber Reporting Legislation

Following the news that Biden’s officials are being pressed by lawmakers on cyber reporting legislation as overseas threats and ransomware evolve, information security experts reacted below.

Paul Brucciani, Cyber Security Advisor
November 17, 2022 12:39 pm

Forcing organisations to report is a useful stick to make them get their cyber security house in order. When implemented, this Act will provide a higher quality of data to drive national security policy-making. Organisations that are concerned about whether an incident is ‘significant’ should control the language used to talk about it; only calling it an incident when they are certain that is the case.

To avoid this situation, organisations should minimise the number of internet-facing assets; close unneeded open ports; identify all physical and digital elements that are accessing the network; and identify and prioritise for remedial action the vulnerabilities within their internet-facing software.

Residual risks can be managed by implementing appropriate security policies, proactive detection and response to threats and regular testing and validation of their security incident response plan.

Since phishing accounts for 90% of all data breaches, organisations should conduct regular employee training on phishing awareness; implement multi-factor authentication where they can, or enforce strong passwords where they can’t.
