- Improving cyber hygiene and working to reduce and control cyber crime are just two of the cybersecurity strategy recommendations from the Center for Strategic and International Studies (CSIS) in its recent Cyber Policy Task Force report.
CSIS submitted the report to President Donald Trump, making suggestions for how the new administration should best approach creating a national approach to cybersecurity.
The report builds on the 2009 Commission on Cybersecurity, which submitted for President Barack Obama. There has been significant activity since the previous report was published, but there are still several areas of risk, according to CSIS.
“We are still at risk because the intricate structure of networks we have built is based on technologies that are inherently vulnerable,” the report’s authors explained. “In addition, the enforcement of laws in cyberspace is intrinsically difficult, and some countries refuse to cooperate in prosecuting cybercriminals. Nations are also unwilling to forsake the benefits of cyber espionage or military cyber operations.”
There are five key issues that must be addressed by the new administration, the report states:
- Decide on a new international strategy to account for a very different and dangerous global security environment
- Make a greater effort to reduce and control cyber crime
- Accelerate efforts to secure critical infrastructures and services and improve “cyber hygiene” across economic sectors. This includes securing government agencies and services and improving identity authentication
- Identify where federal involvement in resource issues is necessary and where it is best left to the private sector
- Clarify the Department of Homeland Security’s (DHS) role, and either strengthen DHS or create a new cybersecurity agency.
The cybersecurity landscape has evolved since 2009, CSIS noted. However, creating consequences for foreign actors and incentivizing domestic actors to provide better cybersecurity can both be essential tools in strengthening the nation’s approach to keeping information protected.
“After eight years, there is far greater awareness of risk, the United States is better prepared, but from an attacker’s perspective, cyberspace remains an area of almost boundless opportunity,” the reported stated. “Cyber crime and espionage remain omnipresent, but powerful opponents have used cyber attack as a coercive tool against the United States and its interests and there are new threats to the integrity of sensitive.”
Cyber hygiene and securing infrastructure have both been key issues in healthcare cybersecurity. A recent MarketsandMarkets report said that the healthcare industry is facing more ransomware attacks than any other vertical and is expected to grow at the highest CAGR in the Ransomware Protection Market.
With healthcare continuing to implement web and mobile applications for banking transactions and payments, the BFSI vertical is also predicted to dominate the Ransomware Protection Market.
“Organizations are increasingly adopting threat intelligence solutions to combat ransomware and other advanced cyber threats, as these solutions provide effective and reliable threat detection to alleviate cyber threats based on security events and security intelligence feeds to manage business risks,” MarketsandMarkets said in a statement.
The Commission on Enhancing National Cybersecurity released a similar report to the CSIS one recently, making recommendations for how a culture of cybersecurity can be properly incentivized.
The Commission is comprised of “top strategic, business, and technical thinkers from outside of Government,” the White House stated in 2016.
“As the world becomes more immersed in and dependent on the information revolution, the pace of intrusions, disruptions, manipulations, and thefts also quickens,” the report’s authors wrote. “Technological advancement is outpacing security and will continue to do so unless we change how we approach and implement cybersecurity strategies and practices.”
The Commission said that products are often rushed to market, and technology companies are under significant market pressure to innovate and quickly move items to market. However, this often means that cybersecurity becomes an afterthought.
This has been a common issue in healthcare cybersecurity as well, noted Lee Kim, director of privacy and security for HIMSS North America.
“Some resources that software development companies can turn to include, but are not limited to, secure coding standards and threat modeling resources,” Kim explained in a 2016 blog post discussing the Commission’s report. “Imagine a world where healthcare organizations can devote more time to taking care of patients instead of fighting with technology—more secure products would be a boon.”