.jpg?width=400&name=iStock-1289956604%20(1).jpg)
The White House’s latest Executive Order on Improving the Nation’s Cybersecurity provides insight into what organizations should expect in the future and what they need to do today.
Currently, the May 12th Executive Order focuses on government entities and “IT and OT service providers” contracting with the government in the realm of cybersecurity. Should the proposed rules found within the executive order find themselves implemented as law, they will be the first step towards imposing cybersecurity standards on private companies.
Organizations need to be preparing both in response to the evolving threat landscape, but also in the context of assumed increases in regulation and any associated scrutiny by regulators. We’ve seen in recent months added recommendations for cyber insurers to scrutinize both insured organizations, the supply chain, and cybersecurity vendors; this new executive order feels like the precursor to enacting law that will seek to equally elevate the cybersecurity stance of organizations to protect not just the organization itself, but it their part in securing the nation.
The most effective way to mitigate any kind of cyber incident is with a comprehensive cybersecurity plan that contains both preventative and response actions, meeting (and, hopefully exceeding) industry standards that are readily available today.
We’re obviously big believers in ensuring the end-user is as secure as the perimeter, infrastructure, network, systems, applications, data, and endpoints. Security Awareness Training is the key to enabling your users to participate in the improved security of an organization. By educating them on scams, attacks, and tactics being used today and tomorrow, employees create a natural sense of vigilance against attacks, stopping them before they start by never engaging with malicious email and web-based content in the first place.
