CISA, FBI, DHS Release Guidance For Limited Resourced Civil Society Organizations

Yesterday, in partnership with the DHS, the FBI and numerous international agencies, CISA released a joint guidance document to help civil society organizations and individuals reduce the risk of cyber intrusions, and to encourage software manufacturers to actively commit to implementing Secure by Design practices that help protect vulnerable and high-risk communities.
“Civil society, comprised of organizations and individuals such as nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities involved in defending human rights and advancing democracy, are considered high-risk communities. Often these organizations and their employees are targeted by state-sponsored threat actors who seek to undermine democratic values and interests,” CISA’s release read.
Civil society organizations and individuals are encouraged to implement the following best practices as defined by CISA’s Cross-Sector Cybersecurity Performance Goals:
- Keep software and applications updated on devices and IT infrastructure
- Use multifactor authentication and strong passwords
- Audit accounts and disable unused and unnecessary accounts
- Disable user accounts and access to organizational resources for departing staff
- Apply the Principle of Least Privilege
- Exercise due diligence when selecting vendors, such as cloud services and MSPs
- Manage architecture risks
- Implement basic cybersecurity training
- Develop and exercise incident response and recovery plans
- Use encryption measures to protect all communications
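Several of the goals above (enforce MFA, audit and disable unused accounts, cut off access for departing staff, apply least privilege) reduce to one recurring check over the organization's account directory. The script below is an added example, not code from CISA's guidance or from the original post; it runs over a constructed directory export embedded inline, and it assumes a 90-day no-login threshold and an HR "departed" flag, both of which a real organization would set from its own policy and identity-provider data.

```python
"""Account-hygiene audit (added example, not part of CISA's guidance).

Each Account mirrors one row of a directory export. Real deployments would
pull these rows from the identity provider; that step is assumed, not shown.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

STALE_AFTER_DAYS = 90  # assumption: no login in 90 days means "unused"


@dataclass
class Account:
    username: str
    last_login: Optional[date]   # None means the account has never logged in
    mfa_enabled: bool
    departed: bool               # assumed HR flag for staff who have left
    roles: Tuple[str, ...]


def audit_accounts(accounts: List[Account], today: date,
                   stale_after: int = STALE_AFTER_DAYS) -> Dict[str, List[str]]:
    """Return {username: [actions]} for every account that needs attention.

    Ordering of checks matters: a departed user is disabled regardless of
    recent activity, and only still-active accounts are tested for staleness.
    """
    findings: Dict[str, List[str]] = {}
    cutoff = today - timedelta(days=stale_after)
    for acct in accounts:
        actions = []
        if acct.departed:
            actions.append("disable: departed staff")
        elif acct.last_login is None or acct.last_login < cutoff:
            actions.append(f"disable: no login since {acct.last_login or 'never'}")
        if not acct.mfa_enabled:
            actions.append("enforce MFA")
        # Least privilege: an admin role mixed with day-to-day roles usually
        # means the same credential is used for routine work and admin tasks.
        if "admin" in acct.roles and len(acct.roles) > 1:
            actions.append("review: admin role combined with day-to-day roles")
        if actions:
            findings[acct.username] = actions
    return findings


# Constructed sample directory export; usernames and dates are made up.
SAMPLE_ACCOUNTS = [
    Account("alice", date(2024, 5, 10), True, False, ("staff",)),
    Account("bob", date(2024, 1, 3), False, False, ("staff",)),
    Account("carol", date(2024, 5, 1), True, True, ("staff",)),
    Account("svc-backup", None, False, False, ("service",)),
    Account("dan", date(2024, 5, 12), True, False, ("admin", "staff")),
]


def run_sample_audit() -> Dict[str, List[str]]:
    """Audit the constructed sample as of 2024-05-15 (the post's date)."""
    return audit_accounts(SAMPLE_ACCOUNTS, date(2024, 5, 15))


if __name__ == "__main__":
    for user, actions in run_sample_audit().items():
        print(f"{user}: {'; '.join(actions)}")
```

Run on the sample, the audit leaves `alice` alone, flags `bob` and the never-used `svc-backup` service account for disabling and for missing MFA, disables `carol` because HR marked her as departed even though she logged in recently, and asks for a review of `dan`, whose admin role is bundled with a routine staff role. Scheduling this against a real directory export turns four of the bullet points above into a recurring, repeatable check.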
Software manufacturers are strongly encouraged to embrace Secure by Design principles; the mitigations that improve their customers' security posture include:
- Vulnerability management: working to eliminate entire classes of vulnerability in their products
- Enabling MFA by default in all products
- Providing logging at no additional charge and alerting customers to suspicious or anomalous behavior
- Implementing alerts so customers are aware of unsafe configurations, suspicious behavior, and malware
- Including details of a Secure by Design program in corporate financial reports
Dave Ratner, CEO of HYAS, had this to say:
“Security by design is a good practice to implement and goes hand-in-hand with the equivalent for enterprise network design — designing for cyber resiliency. Too often security is an after-thought; with both security by design for software engineering, and cyber resiliency design for networks and organizations, the overall design becomes foundationally secure, and that’s exactly what is needed going forward to combat the continued onslaught of new and innovative attacks and risks.”
What I like about this initiative is that it is targeting a group of people who likely don’t spend a lot of time and effort making sure that they are secure, yet they are low-hanging fruit for threat actors. Hopefully this generates results and civil society organizations and individuals are better protected as a result.
This entry was posted on May 15, 2024 at 8:23 am and is filed under Commentary with tags CISA, DHS, FBI. You can follow any responses to this entry through the RSS 2.0 feed.