Back in October, the Cybersecurity and Infrastructure Security Agency (CISA) released a series of cybersecurity performance goals. These voluntary guidelines were designed to offer businesses across the United States advice on ways to bolster their resilience against a rising trend of malicious cyber activity.
This week, those goals were revised to more closely align with the cybersecurity framework developed by the National Institute of Standards and Technology.
“As the nation’s cyber defense agency, one of CISA’s most important roles is to understand the challenges facing organizations, both large and small, in order to make progress on the shared goal of reducing cyber risk to the critical infrastructure Americans rely on every day,” wrote Jen Easterly, Director of CISA. “Over the past several years, as our nation has faced unprecedented cyber threats from ransomware to nation-state espionage, we have heard a common refrain from organizations across the spectrum, from the largest multinational corporations to state and local governments, to critical infrastructure entities of all sizes: How can we focus investment toward the most impactful security outcomes?”
She added that it became clear that, even with comprehensive guidance from sources like the NIST Cybersecurity Framework, many organizations would benefit from help identifying and prioritizing the most important cybersecurity practices along with support in making a compelling argument to ensure adequate resources for driving down risk.
The organization has identified four key challenges that leave our nation at serious risk:
- Many organizations have not adopted fundamental security protections.
- Small- and medium-sized organizations are often left behind.
- Consistent standards and cyber maturity are lacking across critical infrastructure sectors.
- OT cybersecurity often remains overlooked and under-resourced.
In revising the goals, CISA received a wide range of feedback from stakeholders, including other federal agencies, international partners and members of the private sector. For months, CISA officials have been meeting with members of local communities across the country to find out how a rise in malicious activity is impacting businesses and Americans.
The revised goals include updated guidance on implementing phishing-resistant multi-factor authentication. This comes as the industry has faced a wave of malicious attacks over the past year where threat actors have targeted organizations using sophisticated social engineering techniques.