The DOD adopted CMMC just prior to 2021 to enforce the protection of federal contract information and ensure control of unclassified information throughout its supply chain. That information is referred to as Controlled Unclassified Information (CUI). It is defined as digital and physical information created by a government or entity on its behalf that, while not classified, is still sensitive and requires protection. Even though it isn’t classified, this information can be secret or top secret. Past supply-chain breaches that may have exposed some of this very sensitive information that could adversely impact national security have made headlines.
In mid-2021, Gartner forecast that more than half of global knowledge workers would be remote by the end of the year. While those year-end numbers aren’t in yet, if you’re in IT, you’re already dealing with this growing trend, not necessarily in a good way. A global industry study found that 74% of organizations attribute recent cyberattacks that affected their business to vulnerabilities resulting from pandemic-driven changes like the massive spike we’ve seen in remote and mobile workforces.
The dispersed workplace creates new kinds of cyber threats, and many organizations face urgent cybersecurity challenges. The rise in remote and hybrid work environments brought about by the pandemic was estimated by Gartner to include 51 % of global workers at the end of this past year. And the prevalence of Work From Home (WFH) will almost certainly continue.
Cybersecurity is already top of mind for every IT pro. And for good reasons. The Identity Theft Resource Center (ITRC) recently released its U.S. data breach findings for the third quarter. The good news is that publicly-reported data breaches decreased 9 percent in Q3 2021 compared to Q2 2021. The bad news is the total number of data breaches through the end of September 2021 already exceeds the total number of events for all of 2020 by 17 percent.
IT departments are under constant pressure to build modern applications that improve customer experiences, automate workflows, and meet business objectives. Often, these applications are built on open-source platforms that contain costs and deliver proven functionality. But there’s one problem with open-source software. Cybercriminals can access the very same software development kit (SDK) that developers use. And because they know you’re building the application package with these open-source libraries, they’ll inherently see where the security flaws are—and be able to identify whether or not you’ve hardened the application.
The statistics are alarming. By mid-year 2021, the vast majority of breaches—85 percent—involved a human element. And 91 percent of breaches start with a phishing attack. These social engineering schemes put your employees squarely in the crosshairs of hackers. And that’s why you need to reinforce secure cyber defense practices with your employees. A successful attack can be incredibly costly in terms of downtime and damage to your business’s reputation, ignoring for a moment the costs that follow if you can’t get your data back at all.
