It's for this reason that the Biden administration recently issued yet another executive order designed to secure the national supply chain, this time specifically aimed at defense against cyberattacks, according to National Public Radio. In particular, the order spells out what companies that are in business with the federal government have to do in the event that they are hit with an attack, including investigating the causes and upholding standards around software development.
Effectively, this allows the government (and its partner businesses) to have a better understanding of the security landscape on which they are operating, up and down the supply chain, and it sets a date by which everyone will have to be compliant, the report said. Anne Neuberger, the deputy national security adviser for cyber and emerging technology at the White House, told NPR that this initiative was kicked off because of the attack suffered by SolarWinds, which cascaded into problems for dozens of companies nationwide. This attack clarified a lot of the issues that had been swirling over the sector for some time and led to an overarching solution issued from the highest echelons of the federal government.
Looking at unique issues
Of course, threat vectors are evolving and springing up all over the place these days, for organizations of all shapes and sizes, according to the latest Verizon Mobile Security Index. That is particularly true when it comes to the emergence of remote work, which many expect to continue well beyond the pandemic's end. About half of all businesses surveyed said that a remote workforce has done damage to their cybersecurity posture, and 2 in 5 believe the use of mobile devices has become their biggest organizational security threat.
The problem for many businesses: There is a recognition that mobile and BYOD policies are a security issue, but 45% have been forced to simply live with that risk because they need to hit their goals and meet various deadlines. This creates a potentially unique problem, as well, because 57% of respondents did not have an Acceptable Use Policy governing their data use and retention.
What can be done?
Clearly, then, the first step to getting a better handle on procurement data security is to establish policies if they don't yet exist, or reevaluate the ones you've had in place for some time to see what may need to be tweaked, according to Ryzex. It will also be vital to train employees on best practices and your unique standards, as well as make it simpler for them to connect to your networks.
Once you have a strong security standard in place, it becomes easier to uphold a strong posture because everyone will be on the same page when it comes to taking the right steps, individually and organizationally. That way, you can proceed under new federal guidelines or feel more confident that when an attack attempt takes place, you will be able to stand up to it.