It is officially a new year. A chance for a clean slate and an opportunity to start fresh. Will 2022 be a year of better security? Or will we continue to see a rise in exploits, hacks, and data breaches?
There are some reasons to be optimistic for a more security-focused year.
At the very end of 2021, on December 27, President Biden signed into law the National Defense Authorization Act (see the full text here), which contains the widest expansion of the Cybersecurity and Infrastructure Security Agency since the SolarWinds attack. Its numerous cybersecurity provisions include measures to:
Authorize CISA's CyberSentry program - a voluntary effort to enhance the resilience of organizations providing critical infrastructure;
Codify CISA's National Cyber Exercise Program, which allows the agency to test the U.S. response plan for major incidents;
Require the DOD to compile a report on how small businesses are affected by its Cybersecurity Maturity Model Certification program;
Modernize the relationship between the DOD's CIO and the NSA's "components responsible for cybersecurity";
Establish a program office within Joint Force Headquarters to centralize the management of cyberthreat information products;
Mandate the first taxonomy of cyber weapons and cyber capabilities;
Require the defense secretary to create a "software development and acquisition cadre";
Require the use of protective domain name systems across DOD;
Require CISA to update its incident response plan at least every two years;
Direct DOD to prepare several reports on China's activities - including security developments and emerging technologies.
In other news, Recorded Future reports that ransomware attacks were slower in the second half of 2021 than the first half, with 59% of attacks occurring in the first six months of the year.
Only time will tell if that trend will last or if it is just a fluke.
More locally, though, we can only ensure that we make personal improvements towards security with well-defined goals for the new year.
The job board site Indeed gives practical steps for developing SMART goals. Goals should be:
So, what are some strong, SMART goals for security? We brainstormed some examples:
50% fewer vulnerabilities on the external network by April 2022.
10% faster response time to security alerts by March 2022.
33% more coverage of security monitoring tools in the internal environment by the end of Q1 2022.
1 new project with Craft Compliance by June 2022 (shameless self-promotion!)
Well-defined goals give you direction and a map to follow towards achievement. As Lewis Carroll said, "If you don't know where you are going, any road will get you there."
If your goals include vulnerability management, then we want to help do our part for it. That is why Craft Compliance is offering free WordPress vulnerability scans for January 2022.
Don't have a WordPress site? Share this offer with someone who does. Let's all do our part to make 2022 more secure.