Cybersecurity Compliance: Expert Tips from the former CIO of the CIA

Today, increasingly more companies are being asked by their partners and customers to assess their cybersecurity based on industry and government standards; however, many are finding that they are unprepared to assess their cybersecurity and are unaware of whether their practices will consistently be compliant with guidelines.

Recently Defendify interviewed Alan Wade, the former Chief Information Officer (CIO) at the U.S. Central Intelligence Agency (CIA,) to address the issue of compliance and remedy some of the unknowns that many businesses have.

Alan explained what security standards to look out for, and what resources, processes, and frameworks can help with satisfying standard compliance requirements. He also shared insights on recent threats facing businesses of all sizes, and tips for how small and mid-sized businesses can strengthen their cybersecurity postures.

The biggest cybersecurity challenges facing small and mid-sized businesses today are the same ones facing large enterprise businesses.

Smaller businesses do not have the staff that large enterprises have. So, sadly, whether you are a small enterprise or a large enterprise you have to deal with the big issues.

3 issues small and mid-sized businesses should be aware of:

  • Ransomware, a problem that everyone from small businesses to the government faces.
  • Insider threats, from employees who, intentionally or mistakenly, cause a cyber incident.
  • Patching, a crucial aspect of a strong cybersecurity posture that organizations often overlook or are slow to execute.

Bad actors will reverse-engineer patches and updates when they are released so that they can attack those who have not yet installed the updates that fix vulnerabilities.

Presentation attendees reported that they found that cyberthreats they were facing were becoming increasingly more challenging. In a poll, 91% of attendees responded that they found the cyberthreats facing their company were becoming “more challenging” rather than staying the same or lessening.

3 Tips to boost cybersecurity strength:

Alan Wade shared the following tips for small and mid-sized companies to help them strengthen their cybersecurity posture and comply with security guidelines.

1) Company leadership needs to focus on cybersecurity issues.

Cybersecurity is a strategic component to business operations to prevent the extensive damages that a cyber incident can cause. It is crucial that company leadership build an understanding of their current cybersecurity posture, and work with their teams to ensure a strong ongoing cybersecurity program.

2) Understand which of your assets need to be protected.

Every business should know exactly which of their assets should be protected and secure. Start with intellectual property, human resource data, and customer data, then look at data being exchanged with outside applications and groups.

3) Put in place a risk management system for assets needing security.

While there is no way to ever be 100% secure, it is imperative that once you know which assets need to be secured, you understand the steps needed to ensure security over time.

To learn more about how common compliancy regulations like CMMC, PCI, GDPR, and HIPAA are evolving, and to better understand the risks of non-compliance, watch the full Alan Wade interview at www.defendify.com/cia.

Resources & insights

Why You Could Be Denied Cyberattack Insurance Coverage
Blog
Why You Could Be Denied Cyberattack Insurance Coverage
As you’re working toward achieving robust cybersecurity, the subject of cyber attack insurance coverage is sure to enter the discussion. Maybe you’ve already delved into this topic, as cyber insurance has become an essential cornerstone of every information security program. Many overriding factors will affect your ability to obtain and retain the coverage you need at a reasonable rate—and a successful approach is tied closely to a comprehensive cybersecurity posture.
Cost of a Cyberattack vs. Cybersecurity Investment
Blog
Cost of a Cyberattack vs. Cybersecurity Investment 
Detailing the cost of a cyberattack versus the ROI of a cybersecurity investment enables leadership to see cybersecurity solutions are worth it.
Defendify Listed as a High Performer in Six G2 Grid Categories
Blog
Defendify Listed as a High Performer in Six G2 Grid Categories
The Defendify Cybersecurity Platform has been listed as a High Performer in six Summer 2022 Data Security Software Category Reports on the technology review site G2.

Protect and defend with multiple layers of cybersecurity

Faster. Smarter. Stronger.

Explore layered
security

Learn more about Defendify’s three key layers and All-In-One cybersecurity.

How can we help?

Schedule time to talk to a cybersecurity expert to discuss your needs.

See how it works

See how Defendify’s platform, modules, and expertise work to improve security posture.