Recently the White House released its new National Cybersecurity Strategy, which outlines several key priorities for enhancing the US’s cybersecurity posture and taking aim at the increasing threat landscape associated with our digital ecosystem. The new Strategy focuses on several key areas, including improving threat detection and response, enhancing the security of critical infrastructure, increasing cyber awareness, promoting the privacy and security of personal data, and developing comprehensive risk management plans.
A significant focus is industry-wide collaboration to develop enhanced strategies for how US companies allocate roles, responsibilities, and resources toward addressing cybersecurity. The guidance suggests technology companies take the lead on public-private collaboration efforts to elevate the security of the technology solutions that are often exploited during cyber-attacks.
Key elements of the new Strategy and considerations that companies should be aware of include:
Increased Responsibility Placed on Software Providers
The Strategy involves shifting the burden of cybersecurity away from individuals, small businesses, and local governments and putting responsibility in the hands of software developers and other institutions with the requisite resources and expertise. The Strategy calls for proposing legislation that establishes liability for software makers that fail to take precautions to secure their products and services and, conversely, driving the development of an adaptable safe harbor framework to protect companies that do securely develop and maintain their software products and services.
As a result, companies should explore opportunities to collaborate with government agencies, other technology companies, and advisors to share information and best practices and to develop joint strategies for mitigating cybersecurity risks.
Investment in Cybersecurity Technology
The Strategy also includes an increased focus on incentivizing current and long-term investments in cybersecurity. This includes prioritizing cybersecurity research and development for newer technologies, as well as allocating resources to expand the cybersecurity workforce. Companies in the technology sector should be prepared to invest in innovative technologies like artificial intelligence, machine learning, and blockchain to enhance their cybersecurity defenses. By staying at the forefront of these technologies, companies can better protect their own assets and contribute to the larger cybersecurity ecosystem.
The Strategy also alludes to Federal grant programs being made available to help companies that place an emphasis on cybersecurity develop new infrastructure that is secure and resilient.
Embrace a Risk-Based Approach to Cybersecurity
The Strategy emphasizes the importance of taking a risk-based approach to cybersecurity. As a best practice, companies should prioritize their cybersecurity investments based on the specific risks that they face. By conducting regular risk assessments and developing tailored risk mitigation strategies, companies can better protect themselves against their most significant threats.
The Strategy also highlights the importance of adopting a zero-trust approach to cybersecurity. This means that companies should assume that all systems and users are potentially compromised and implement strict access controls and monitoring to prevent and detect unauthorized access. Technology companies should also ensure that stringent system development lifecycle (SDLC) controls are in place to protect against vulnerabilities when developing products. This may include implementing enhanced code reviews as part of system development, robust patch management programs, and securing the source code behind software through a combination of network segmentation, use of secure source code repositories, and other risk-mitigating controls.
How Centri Can Help
At Centri, our IT risk and cybersecurity advisory services are designed with your greatest assets in mind — your people. We’re here to offer you the support, resources, and expertise you need, exactly when you need it most. Our advisory experts work alongside your senior leadership to help understand your current needs and align them with the right solutions. Please contact us for more information or to explore how our expertise in cybersecurity risk management aligns with the specific needs of your company.
Managing Director | IT Risk & Cybersecurity Practice Leader
Rich is the Managing Director and IT Risk & Cybersecurity Practice Leader at Centri. He has more than 13 years of combined experience in internal control consulting, IT risk, cybersecurity advisory, and risk-based internal audits & accounting. Over the years, Rich has provided a variety of risk advisory and compliance services for clients across various industries, including insurance, healthcare, life sciences, financial services, and higher education.
About Centri Business Consulting, LLC
Centri Business Consulting provides the highest quality advisory consulting services to its clients by being reliable and responsive to their needs. Centri provides companies with the expertise they need to meet their reporting demands. Centri specializes in financial reporting, internal controls, technical accounting research, valuation, mergers & acquisitions, and CFO and HR advisory services for companies of various sizes and industries. From complex technical accounting transactions to monthly financial reporting, our professionals can offer any organization the specialized expertise and multilayered skillsets to ensure the project is completed accurately and on time.
For more information, please visit www.CentriConsulting.com