Page 43 - Cyber Defense eMagazine January 2024

What CMMC Accomplishes

It’s essential for business leaders to understand that cybersecurity measures are not necessarily industry-specific. Anti-virus software packages, enterprise-level firewalls, virtual private networks, and other commonly used data protection strategies are deployed across healthcare, finance, manufacturing, and the military industrial base. Cybersecurity professionals and software developers continue to find new ways to protect sensitive and valuable digital assets, including those in the military supply chain, in response to newly minted hacking schemes. The point is that the following controls, embedded in CMMC 2.0, can deliver a determined cybersecurity posture that benefits any business.

Access Control

The DoD mandate requires outfits to impose network access limits on legitimate users, including internal and remote access to information on a network. The concept of limited data access mirrors that of the “zero-trust” profiles cybersecurity experts recommend companies utilize. This essentially prevents any user from gaining access to sensitive and valuable information that isn’t necessary to complete their respective tasks. Should a hacker learn someone’s login credentials, the criminal runs into the same restrictions.

Awareness and Training

Providing cybersecurity awareness training to employees is not restricted to the military industrial base. Studies indicate that human error accounts for 88 to 95 percent of all data breaches. When companies integrate awareness training into their security plan, employees are far less vulnerable to phishing schemes and social engineering. Instead of being a weakness, staff members become a front line of defense. That’s precisely why CMMC 2.0 insists workforces know the telltale signs of a hacking threat.

Risk Management

Commonly referred to as “cybersecurity risk management,” this concept speaks to how industry leaders invest in data security. A third-party managed IT firm with cybersecurity expertise typically runs a risk assessment to determine a system’s strength and vulnerabilities. Then, business leaders review the risk assessment report to make informed decisions about how to deploy their resources. The conventional wisdom is that critical data and vital systems enjoy the greatest protection and security investment. Only by understanding risk can strategic policies and best practices be established in any organization.

Incident Response

Organizations that operate within the military industrial base face advanced persistent threats from America’s adversaries. These threat actors possess the funding, tools, technologies, and sophisticated

            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.