Despite all the cybersecurity work some organizations do, they still suffer breaches of their defenses for lack of a forward-looking strategy. For all the OEMs reporting major breaches, the Zero Trust Security Model (ZTSM) and a revamping of their strategy need to take high priority. We have stated how OEMs and financial and healthcare institutions are today giving their data-filled products to non-compliant recyclers, where the OEM tries to recover 5 cents on the dollar by selling a device that can still have data on it. In the last year, multiple OEMs and large enterprises have self-reported to the US that they discovered that customer data and devices had been exploited by their own inside processes. Instead of following the NIST and ZTSM standards, they choose lesser cybersecurity specifications or none at all.
To fix the problem at your enterprise, you start at the top. Flaws should be hard to find, but during an evaluation the vulnerabilities pop out in the assessment exercise. In US military units, we select a high-level person, and they examine the defenses and report all weaknesses.
For today’s exercise based on the NIST criteria, have one of your EVPs, Directors or Project Managers act as an Insider Threat. In 24 hours, have that person access as much data and download as many documents as they can. Wait for your IT system to report the inside breach and stop the inside perpetrator. You will wait, wait, and wait. At the end of the day, your Insider exercise will show how much data and equipment was taken from your own headquarters.
So, after you fail your own Insider Threat exercise, download the NIST 800-53 CSF and 800-207 ZTA standards, and start to fix your business. Next, tell all your non-compliant third- and fourth-party vendors that you are working to execute the Presidential Executive Cybersecurity Order and that they need to do the same to remain vendors.
Once the same OEMs that met with the President start to follow the NIST and ZTSM requirements, the customer’s data will be much safer.
Related article: National Insider Threat Awareness Month 2021 (cybermagazine.com)
TechR2’s Tear-A-Byte® and Tear-A-Vault® products are designed with multiple layers of data security and monitoring to conform with the Zero Trust Security Model.