Page 43 - Cyber Defense eMagazine January 2024
What CMMC Accomplishes
It’s essential for business leaders to understand that cybersecurity measures are not necessarily
industry-specific. Anti-virus software packages, enterprise-level firewalls, virtual private networks, and other
commonly used data protection strategies are deployed across the healthcare, financial, and manufacturing
sectors as well as the military industrial base. Cybersecurity professionals and software developers continue
to find new ways to protect sensitive and valuable digital assets, including those in the military supply chain,
in response to newly minted hacking schemes. The point is that the following controls, embedded in CMMC
2.0, can deliver a determined cybersecurity posture that benefits any business.
Access Control
The DoD mandate requires outfits to impose network access limits on legitimate users, including internal
and remote access to information on a network. The concept of limited data access mirrors that of the
“zero-trust” profiles cybersecurity experts recommend companies utilize. This essentially prevents any
user from gaining access to sensitive and valuable information that isn’t necessary to complete their
respective tasks. Should a hacker learn someone’s login credentials, the criminal runs into the same
restrictions.
Awareness and Training
Providing cybersecurity awareness training to employees is not restricted to the military industrial base.
Studies indicate that human error accounts for 88 to 95 percent of all data breaches. When companies
integrate awareness training into their security plan, employees are far less vulnerable to phishing
schemes and social engineering. Instead of being a weakness, staff members become a front line of
defense. That’s precisely why CMMC 2.0 insists workforces know the telltale signs of a hacking threat.
Risk Management
Commonly referred to as “cybersecurity risk management,” this concept speaks to how industry leaders
invest in data security. A third-party managed IT firm with cybersecurity expertise typically runs a risk
assessment to determine a system’s strengths and vulnerabilities. Then, business leaders review the risk
assessment report to make informed decisions about how to deploy their resources. The conventional
wisdom is that critical data and vital systems enjoy the greatest protection and security investment. Only
by understanding risk can strategic policies and best practices be established in any organization.
Incident Response
Organizations that operate within the military industrial base face advanced persistent threats from
America’s adversaries. These threat actors possess the funding, tools, technologies, and sophisticated
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.