This is evidenced by recent comments from Cybersecurity and Infrastructure Security Agency (CISA) Administrator Jen Easterly at a Congressional hearing on Chinese cyber operations, and by documents leaked from a Chinese hacker for hire. It means that the threat from, and the demand for, the cyber vulnerability market are increasing. But even more worrying is Easterly's assessment that we are making it “easy” for attackers through poor software design. To protect our systems and prevent society-wide or economy-wide attacks of the kind that Easterly and her allies have described to Congress, a whole-of-society effort will be required to reshape the cybersecurity market and create technology that is both high-performing and safe.
Cybersecurity statistics for 2023 further illustrate how easy things are for hackers. In Chromium, the engine that powers Chrome and Edge, 8 previously unknown vulnerabilities (zero days) were identified. Even software designed to keep users and networks safe was not immune to breaches. CISA opened 2024 with an emergency directive for federal departments and agencies to patch a set of vulnerabilities in VPN software designed to protect employee connections to federal networks. In the coming months, we may see the creation of a market for hacks and hacked data by iSoon and others, and the growing offensive threat posed by AI will make cyber defense even more difficult.
As CISA clearly states in its Secure by Design effort, vendors take the first step toward creating secure and easy-to-use technology. Considering security along with performance and functionality from day one of product development not only helps build a secure technology stack, but also ensures that the product is designed with security features in mind, rather than with obstacles to a great user experience disguised as security features, and guarantees a true balance with performance. But even CISA's ambition to achieve Secure by Design as a regulatory framework is not enough to drive the major changes needed to turn the tide against even the boldest, AI-powered hackers. Even the most well-intentioned and well-informed regulation will turn into companies checking boxes.
Cyber risk is a business risk
To protect our economy and privately operated infrastructure, companies must recognize that, as Easterly puts it, “cyber risk is business risk” and incorporate cybersecurity into all business practices. By increasing the stature of the CISO and providing comprehensive cybersecurity oversight across the business, especially over procurement decisions, companies can embed cybersecurity as an organic step in their business processes. In doing so, cybersecurity becomes less of a last-minute hurdle to business effectiveness and more of an enabler for building technology ecosystems and operating models that are both successful and secure.
As executives prioritize cybersecurity as a factor in strategic decision-making, cybersecurity and IT professionals, two closely related but often conflicting groups, need to work together to build a strong network and ensure safe and functional solutions for users. IT professionals must recognize that shortcuts that bypass security controls in favor of user experience or network efficiency introduce unnecessary risk to the enterprise. In turn, cybersecurity professionals should actively seek out technologies that provide a superior experience for users while insulating them from technical risks. Both groups must work together to create education that helps employees understand the risks they face in real time and enables them to make appropriate decisions about those risks, rather than relying on annual, quarterly, or monthly training that frequently runs in the background while employees do their “real job.”
The final part of a whole-of-society approach to cybersecurity is the most difficult, but also the most important: integrating cybersecurity into the daily lives of citizens. CISA and the U.S. government have placed much of the burden on businesses for secure development and secure decision-making, but the public needs to be aware that the stakes in cybersecurity go far beyond an individual's credit card or bank account. The doomsday scenario of simultaneous interruptions of power, water, and communications highlights these risks, and everyday citizens must strive to improve their cyber literacy and compliance to prevent this scenario from unfolding. Just as we accept and abide by the constant sound that reminds us to fasten our seatbelts when driving, we must accept small cybersecurity “nudges” like multi-factor authentication for sensitive work and personal use.
It is easy to overstate the potential consequences of a Chinese cyberattack as catastrophic, and it is certainly worth discussing response, resilience, and recovery policies. It's hard to look in the mirror and realize that in our rush to develop, buy, and utilize feature-rich technology, we've made it “easy” for our adversaries. But it doesn't have to be that way. If we work together to integrate cybersecurity as part of our corporate and personal mindsets, we can make life harder for hackers and safer for ourselves.