The Colonial Pipeline cyberattack was a ransomware attack. It was a financially driven cybercrime and unfortunately, it happens all too often. Our Nation is extremely bright and at the top of technology and security, yet we still see so many successful cyber-attacks. Businesses of all sizes are suffering cyber threats and cybercrime daily.
When we heard about SolarWinds cyberattack late last year, some of us may have nodded our heads acknowledging the importance of cybersecurity but the Colonial Pipeline attack is a really big wake-up call to small and big businesses, alike. Cyber Resiliency starts with good control of our security posture. It’s about giving priority to the digital systems we utilize to run our operations or deliver our services. It is about investing in a risk mitigation plan and having a buttoned-up security posture and cyber-incident response suited for our businesses to mitigate our vulnerabilities and protect our assets. A very big part of achieving cyber resiliency is cyber awareness training.
We need to protect our business from cyberattacks, and if breached, our company needs to survive a devastating cyberattack with minimal disruption or detrimental financial consequences. Cyberattacks are the single largest risk to our business today. This year alone, businesses have experienced an eye-opening 80% increase in cyberattacks with Ransomware attacks up 148% and phishing attacks up 600%. The odds that our business is the next target in a cyberattack have never been higher. For this reason, many businesses are seeking an additional layer of protection in the form of Cybersecurity & Cyber Liability Insurance.
Small businesses, DoD contractors and private contractors are particularly vulnerable because many of them do not have the necessary resources to have buttoned up cybersecurity posture and hire full-time cybersecurity experts. It’s no surprise that small businesses comprise half to three-quarters of all ransomware victims. And when these businesses do become targets, it can have devastating and permanent impacts, forcing some to close their doors permanently.
The good news is that DoD and Government Contractors don’t have to implement cybersecurity requirements alone and there are affordable solutions for every budget. That is why the Department of Defense has laid out security measures to help businesses to understand their responsibility and respond to a cyberattack with more preparedness. The Cybersecurity Maturity Model Certification identifies the level of security you need as a small business and as a Federal Contractor.
In the past, vendors were able to self-certify that they were meeting the security requirements of NIST 800-171. Unfortunately, this isn’t working out very well and some vulnerabilities could easily be avoided. There is no doubt that cybercrime has been increasing rapidly and we need to protect our businesses as one Nation. The DoD has a very secure cyber environment, so hackers are constantly trying to hack into vendors, such as SolarWinds cyberattack, and then swim upstream to all the networks that are connected to the vendor, including DoD. In the previous contracting model, the DoD focused on four areas: *cost *schedule *performance, and *cybersecurity. Since cybersecurity needs to be buttoned up top to down with minimal vulnerability, the DoD has switched the focus to building a foundation on cybersecurity.
Having a CMMC not only shows that you are building a cyber secure culture as you serve the government, but it also gives you the best opportunity to go to the front of the line for DoD contracts. Anybody who is not certified is not even allowed to bid on the DoD contracts. This will put you way ahead of the pack and give you the best opportunity to increase your profitability in the government space. Cybersecurity and building cyber resiliency are not a ‘one and done’ model but rather a foundation that our government is teaching us to give importance to. By having the certification for your level, building a buttoned-up cybersecurity posture, and having cyber insurance to protect you financially if you face cyber threats, you are helping your own business to get more contracts and have a cyber secure and financially promising future!