Cybercriminals Don't Care About National Cyber Policy
We can't put defense on hold until Inauguration Day.
COMMENTARY
In 1998, President Bill Clinton published the first White House national cyber policy. Since then, cyberattacks have evolved alongside the explosive growth of the digital world, as have laws, policies, and regulations. Although there's been continuous federal activity around cyber since the early days of the Internet, the level of seriousness and attitudes toward how much control government should exercise over technology and cybersecurity fluctuate, with debates continuing to rage over how free or controlled the tech markets should be.
With the upcoming changing of the guard in the US, those of us in the domestic cybersecurity and technology industries are all wondering where we will land. Will the Cybersecurity and Infrastructure Security Agency (CISA) be eliminated? Will we see a raft of new security, privacy, and compliance laws? Will current cybersecurity regulations be deprioritized? Will rapid deregulation undo much of what we've already adjusted to? No one really knows.
Despite the uncertainty, one thing cybersecurity and risk professionals all know is that cybercriminals aren't putting their plans on hold until after Inauguration Day. If anything, threat actors will ramp up activities to take advantage of this current period of post-election uncertainty. Those of us responsible for protecting the public and private sectors know that now isn't a time to debate which side has the better security plan. It's time to come together in our efforts to create a more resilient and secure nation. Of course, this is easier said than done. Every time we adopt a standard or best practice, some enterprising cybercriminal develops a new way to counter it. However, there are some basic and fundamental steps any organization that wants to thrive in the years to come should take.
Defense Steps We Can Take Now
Prioritize security: While policies may change, the fundamentals of keeping your organization secure and resilient do not. Your organization's ability to do business depends on proactive preparation. Don't wait for the next set of rules to be handed down from Washington — prepare now.
Focus on recovery: Attacks and disruptions are inevitable; business continuity is essential. Evaluate and refine your remediation plans continually to ensure they address potential disasters. It's cliché to state that "failure to plan is planning to fail," but it's also true. Being prepared will reduce the time it takes you to recover from an incident.
Adopt common standards and language: Standards create a shared language for finding risks, and using existing frameworks will drive faster and more cohesive responses. Let's all get on the same page in terms of how we share information about the challenges we face and which standards and frameworks map back to specific risks. This is an industry discussion and does not require any agency to facilitate this type of forum.
Own your cyber accountability: Governments, vendors, and enterprises all share responsibility for mitigating risks and ensuring continuity through adversity. You need to be ready to ride to your own defense — there is no cavalry behind a digital hill ready to ride to your rescue.
Over the next 12 to 18 months, we can expect to see rapid and unpredictable changes. New challenges and risks will arise out of trade disputes, domestic policies, geopolitical events, and the growth of AI. The security problems we face today require a unified and focused approach. Changing administrations — anywhere in the world — should not distract us from the critical task at hand. Let's collectively commit to ensuring security and resilience for all organizations, whether they be part of the critical national infrastructure (CNI), an essential supply chain, or a favorite consumer brand. Remember, cybercriminals don't care about national cyber policy or politics. We can't put defense on hold until Inauguration Day.