National Cybersecurity Awareness Month, Sleepless Nights and FedRAMP
October is National Cybersecurity Awareness Month, but increasing awareness of ongoing cyber threats in the public sector is critical at any time of year.
Recent activities in cities, states, and federal organizations confirm cyber threats are real, pervasive, and persistent. If you’d like a quick review just before bedtime to ensure a less-than-restful sleep, check out samples of how some cities, counties, and states spent the last several months:
- County paid $400K to remove Ryuk ransomware in March 2019
- City hit with Robinhood Ransomware in April 2019
- City paid 42 bitcoin (approximately $460K) to regain control of its email and other servers in June 2019
- State issues emergency declaration for its school districts following ransomware outbreak in July 2019
- School district and county libraries attacked by Ryuk ransomware in July 2019
- 23 local entities in one state hit by ransomware attack in August 2019
And this is one Top 10 list on which you don't want your organization to appear: The 10 biggest US government data breaches of all time. The top breach was the U.S. Voter Database, with 191 million affected in December 2015.
What is National Cybersecurity Awareness Month (NCSAM)?
Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure all Americans have the resources they need to be safer and more secure online.
NCSAM 2019 will emphasize personal accountability and stress the importance of taking proactive steps to enhance cybersecurity at home and in the workplace. This year’s overarching message—Own IT. Secure IT. Protect IT.—will focus on key areas including citizen privacy, consumer devices, and e-commerce security.
The NCSAM Toolkit is a comprehensive guide to make it easy for you and your organization, regardless of size or industry, to engage and promote the core theme and critical messages leading up to and throughout October.
For more details visit the NCSAM website.
FedRAMP: Dramatically Increase Your Defenses against Cyber Threats
At an enterprise level, what can public sector and commercial organizations do to plan and protect themselves against ongoing and pervasive cyber threats? Look no further than a comprehensive cloud security program managed by the US Federal Government.
The Federal Risk and Authorization Management Program (FedRAMP) has established itself as the common standard for cloud security assessment, authorization, and continuous monitoring across the United States Government, and increasingly for state and local agencies. FedRAMP drives a tough, rigorous process, and necessarily so, given the range and severity of cybersecurity threats confronting governments and industry every day.
FedRAMP already covers more than five million assets held by the world’s largest cloud providers, touching an astonishing one-third of the world’s Internet traffic. This extensive reach underscores FedRAMP as the go-to resource for cloud security.
FedRAMP’s four security baselines—high, moderate, low, and low-impact—bring together more than 900 individual controls that allow federal, state/local, and higher education agencies to align the security settings for any cloud-based function with its assessed risk level.
FedRAMP has become the centering point for an extended public-private network that already includes more than 100 government agencies, more than 150 cloud service providers, and more than 40 auditors, with key executive branch entities working together to develop, manage, and operate the program.
Beware: Not Every Application Carries the FedRAMP Authorization
According to one report, there are 17,000 cloud applications, yet only 300 have been authorized in FedRAMP. As organizations evaluate how to secure their environments and data, be sure to understand when your cloud business applications have the FedRAMP authorization and when they do not follow this rigorous control testing regimen.
FedRAMP provides an easy confirmation check on its marketplace for organizations evaluating solutions. Be sure to assess your cloud financial, supply chain, human resources, asset management and other business applications against this standard.
Sleep Well Tonight
As your organization plans its cloud migration journey, focus on rigorously tested platforms performing at the security baseline level required for your organization. Consider the additional protection offered by FedRAMP solutions to further protect your organization against cyber dangers—and to guarantee yourself a better night’s sleep.
- Security & Compliance
- Aerospace & Defense
- Federal Government
- State and Local Government