Enterprise cybersecurity technology research that connects the dots.

A Chance to Raise Shields Right

CISA's "Shields Up" alert provides urgency — and opportunity — for supply chain conversations.

Two shields--one with red x, one with green check mark
Source: <a href="https://pixabay.com/users/openclipart-vectors-30363/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=5137269">Ghinzo</a> via <a href="https://pixabay.com/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=5137269">Pixabay</a>

A week before bombs started falling in Ukraine, The US Cybersecurity and Infrastructure Security Agency (CISA) issued a "Shields Up" warning for US interests. The warning was followed by warnings of apocalyptic cyberattacks from pundits across the news and political spectrum. While the disastrous attacks have yet to materialize, there are still warnings to be noted and steps to be taken to minimize the chance of your organization becoming a casualty of a war that shows no signs of ending soon.

Now, for those who haven't yet read the "Shields Up" notice, here's the tl;dr version: "You know all that cybersecurity stuff we've been telling you to do for the last decade? We meant it. And we REALLY mean it now." There was nothing groundbreaking in the notice, no news of grand new threats or suggestions for bold new actions. Just a solid, screaming-red reminder that good cybersecurity practices are the best protection we have against everything from ransomware to zero-day attacks.

But since we're all looking for something to make us feel that we’re doing something special in response to a special set of circumstances, here's the best single approach you can take to leveling up your enterprise cybersecurity: Make better communications a higher priority.

Be a Good Listener
This is a 360-degree suggestion for communications. Start by listening to every reliable source of information you can find. If you're involved in any sort of critical infrastructure, for example, your organization should be a member of InfraGard, an FBI/private sector partnership for sharing information. There are similar partnerships, both more and less formal, in other market sectors. Make sure you have someone taking part in any for which you’re eligible.

Dedicate staff time to learning about new threats, new options for response, and the current state of the threat environment. If your staff is large enough, give different members "beats," or assignments to monitor particular information channels or topics. If the staff is smaller, work together to identify these information channels or topics, then make sure that some time is dedicated within each week to monitoring the sources for the latest developments. Then share the information that comes from the research.

You obviously want to share the information within the security and IT staff, but you should also plan to share the information with the rest of the organization. These are stressful times and good information will help keep employees feeling that they're more in control because you're telling them what's happening and what they can do about it. Be sure to communicate this in a language that's concise, nontechnical, and friendly. If you're looking for a disciplined way to do this, consider something like the pecha kucha format — 20 slides for 20 seconds each.

Another set of communications should be happening with your supply chain. This is an era in which regular communications with cloud providers, hosting companies, SaaS providers, and others should be frequent and regular. Ask them what they're doing to protect their infrastructure, what they're doing to protect your assets, and what their other customers are doing that seems to be working. Then share your strategies, your wins, and your concerns. Stressful times are not the occasion to go alone — take advantage of the collective knowledge of your supply chain.

Beyond Touchy-Feely
It might be tempting to dismiss all of this as touch-feely activity in lieu of real action. It's not. Lack of communication leads to the proliferation of gaps in knowledge and protection — gaps that are the perfect hiding places and points of vulnerability for threat actors. Keep your most valuable cybersecurity assets — your people — at their strongest by making sure they are communicating within the organization and outside. Make communication a priority, and your organization will come out of 2022 stronger than when it walked in.

About the Author

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights