In these dynamic, ever-changing, anxiety-producing times things have amped up in Cybersecurity, and it’s true now, more than ever, that Cybersecurity never sleeps. Russia’s invasion of Ukraine – and the likelihood of cyberattacks abroad – has only increased attention on the urgent need for cybersecurity. Let’s look at four areas where change is happening: regulatory, business, hacking, and workforce training.
A few hours before President Biden’s speech in early March, the Senate “passed the most significant cyber legislation in history – including a mandate for companies in critical sectors to alert the government when they’re hacked or when they pay ransoms to hackers.” That measure failed to become law last year, Joseph Marks writes in The Washington Post, “but it zipped over the finish line this time – spurred partly by rising anxiety about Russian cyberattacks.” Senate Homeland Security Chairman Gary Peters (D-Mich.) called the bill “a significant step forward to ensuring the United States can fight back against cybercriminals and foreign adversaries.” The changes in this bill, according to Marks, are big, including that the Cybersecurity and Infrastructure Security Agency (CISA) wants to enforce mandatory and nearly immediate reporting after an attack that will allow the sharing information and insights that will benefit companies that might face similar cyberattacks. Second, the bill “will give CISA broad insights into how many and what sort of cyberattacks are hitting U.S. companies each day.”
This bill might even address concerns that earlier cybersecurity legislation attempts did not go far enough. For example, Glenn S. Gerstell, a senior adviser at the Center for Strategic and International Studies and the former general counsel of the National Security Agency and Central Security Service, previously argued in an Op/Ed in The New York Times that the United States needed a more centralized approach to cybersecurity to meet the intense threats. He noted that as the former general counsel of the NSA he knows intimately the sophistication of malicious attacks from Russia, China, Iran, and North Korea. He wrote, “All of them leverage the various sectors of power at their disposal — including commercial and state-owned enterprises as well as spy agencies — to come out against U.S. businesses and citizens in full force.” He fears that the “decentralized nature of the American government does not lend itself to fighting foreign cyberthreats.” There is an urgent need for a more centralized response and for better coordination between the public and private sectors – which will demand a “fresh approach.” Perhaps the legislation passed by the Senate begins to address his concerns.
Google’s parent company Alphabet Inc. announced in March a big purchase in cybersecurity by making clear its intention to purchase Mandiant and integrate the company into Google Cloud. Alphabet Inc. plans to acquire Mandiant Inc. for roughly $5.4 billion in a deal that could unleash a long-awaited consolidation across the cybersecurity industry. According to Bloomberg, “As it seeks to expand its third-place cloud-infrastructure unit, which sells computing power and storage via the internet, buying Mandiant will give Google a fuller range of software tools to protect clients by responding quickly to online threats.” That move could portend more purchases by larger companies in this area. “We believe this deal will have a major ripple impact across the cybersecurity space as cloud stalwarts Amazon and Microsoft will now be pressured into M&A,” Wedbush analyst Dan Ives wrote.
According to Emily Bary in MarketWatch, “The cybersecurity industry has long been seen as a tech sector in need of consolidation, as companies are forced to sign up with dozens of vendors for different security products for different needs.” Bary also points out the shortage of cybersecurity professionals, leaving big companies scrambling to protect themselves.
The hacking threats continue, particularly with the Ukraine/Russia situation, which has lent the moves made by both the regulatory and business sides more urgency. Even before the invasion, on February 23, CBS reported that CISA warned “IT departments everywhere to monitor for suspicious activity that could disrupt their business or government operations.” According to CBS, “the technology consulting firm Wedbush affirmed the alert and issued a report warning U.S. financial institutions, enterprise data centers and logistics companies to prepare for Russia-directed cyberattacks.”
Forbes reports, “Immediately after the conflict broke out, suspected Russian-sourced cyber-attacks were observed over a 48-hour period at an increase of over 800%.” On March 8, fifteen members of Congress and more than 100 staffers gathered after hours for a briefing on the elevated Russian cyberthreat, according to Joseph Marks in The Washington Post. There were warnings that Putin has demonstrated a willingness to cross “Western red lines” by invading Ukraine, which means that he might also “launch destructive hacks at critical infrastructure, in addition to ransomware attacks. Officials urged people not to let their guards down just because Russia hadn’t yet been clobbering Ukraine with cyberattacks (and there are lots of theories about why that might – or might not – be the case). According to many, the stakes are much higher than they were even two years ago.
And on March 21, according to Cyberscoop, the Biden administration renewed calls “for the private sector to address known vulnerabilities and shore up cyber defenses in light of a looming possibility of a cyberattack from Russia on U.S. infrastructure.”
As the cybersecurity threats escalate, so does the need for cybersecurity professionals – even as it remains an industry that is short staffed. Due to these staff shortages, Microsoft, Google, and IBM committed to training hundreds of thousands of people. We are sure there will be more training initiatives to meet this crucial need.
In fact, CYRIN is excited to be part of this new wave of training. CYRIN has entered into two new partnerships with QA Ltd and Cyber Ireland to help train the students for the workforce that will be needed as cybersecurity becomes front and center in the battlefield of the future.
As Jacob Carpenter writes in Fortune, “Nothing brings people together like a common enemy.” “With the mounting threat of Putin launching more cyber attacks against Ukraine or even the U.S., there has never been a more critical time to act to strengthen our cyber defenses,” Senate Intelligence Committee Chairman Mark Warner, D-Va., tweeted. Let’s hope we do just that.
The evidence is in. It’s well past time to get ready to defend against hackers, whether they are nation state actors or people just looking to make money. CYRIN can help. Our eLearning platform is a simple to use web-based training system that has provided comprehensive training to people in charge of the most sensitive networks in the world — America’s military and first responders. We have some of the best content including skills development labs, individual or team exercises, and multiple cyber-attack scenarios.
CYRIN, in a virtual environment, is as close to a real-world experience as you can get. We create real-life scenarios to help your team, your learners and your company be prepared and protected – for whatever comes next. To see what we can do for your team, contact us for further information and your personalized demonstration of CYRIN.