By Phil Kirk Regional Director, Cybersecurity, and Infrastructure Security Agency (CISA)
Cybersecurity. If you had not heard that word much in the past few years, unfortunately you’ll be hearing it more and more in the future.
As Regional Director of the federal government’s newest agency, whose job it is to help protect against cyberattacks, I know this word well. But for many individuals, organizations and agencies, this is a new word being thrust upon you and you are left wondering – what is the cyber threat to me and my community, and what can I do about it?
First, the threat is real. Malicious actors in Russia, China and other parts of the world are working to disrupt or disable our infrastructure by hacking into our IT systems. Cyber criminals are looking to profit from poor cybersecurity practices through ransomware. Critical infrastructure like power grids and water treatment systems are being targeted. County and city governments are being targeted. Individuals are also increasingly being targeted.
The question you need to be asking right now is, “Am I, or my organization, prepared to respond and defend against cyberattacks?” Far too often across Missouri, the answer to that question is “no.”
So, what does cyber protection for a business or organization look like? It’s two-fold – investments in cybersecurity – and working with your Information Technology (IT) and IT Security staff to ensure the right defenses are in place now.
Let’s start with the first one – Investment in cybersecurity. Many view it as a sunk cost. We invest in IT security and what do we see from it? No new buildings, or faster computers, or improved government services. However, what you do get is peace of mind knowing you’ve done all you can to secure your data and the avoidance of a costly intrusion that could shutter the vital services you provide to your citizens.
Investing in cybersecurity should be a priority of businesses and organizations at all levels. It is that critical because this problem is not going away anytime soon and will only worsen over time.
The next step is to get to know your IT Security leaders. Seek their advice. Ask them; What is our cyber risk? How do you know if something is wrong? What information and systems are we protecting? Do we have a plan if something does go wrong?
For individuals, I encourage you to visit CISA’s “More Than a Password” campaign webpage at More Than a Password | CISA. This campaign aims to demystify another phrase you may have also heard recently, “multi factor authentication”. Whether you call it multi-factor or two-factor authentication, requiring more than a simple password to login to your online accounts can make you 99% less likely to get hacked.
Think of it like an airbag or the seatbelt in your car—an extra layer to keep you safe in the event of an accident. We need to get the word out that to stay safe online, every American needs to have “More Than a Password” on all their sensitive accounts.
I encourage everyone to also visit the CISA “Shields-Up” webpage at Shields Up | CISA. Here you can find the latest national cyber alerts to get a feel for the types of cyberattacks impacting our country along with a host of other information like the “Known Exploited Vulnerabilities Catalog”, and cybersecurity “Recommendations for Corporate Leaders and CEOs”.
On the website you’ll also find some basic tips for practicing good cyber hygiene such as:
- Use strong authentication across your systems including unique passwords and multi-factor authentication.
- Ensure your software is up to date and use anti-virus software
- Train your staff – think before you click.
- Prepare to respond if an incident happens. Have staff on-hand and ready to help.
Collaborating with individuals, the Missouri business community and municipalities across the state is a core element to our work. It also happens to be a great way to fight cyberattacks. If we partner together to defend our systems against malicious threats, we can all learn from each other and improve our defenses, collectively.
Whether you know it or not, you are on the front lines of our nation’s cyber defenses. Good cybersecurity not only protects your community, but it also protects America’s security.
Now is the time to put our collective shields up and rely on more than a password to secure our online accounts, Missouri. I challenge the citizens of the Show-Me State to lead by example. Take the time to protect your online accounts. You’ll be glad you did.
Phil Kirk Regional Director, Cybersecurity, and Infrastructure Security Agency (CISA)