We found the problem in Florida to be interesting, since we see similar issues in the United States. Here we are advocates for high technology, but long ago, we found that to build a new system, it is a mixture of hardware, software, and an innovative team. Florida is having trouble as well as organizations in Ohio and the US, because cybersecurity departments are not the IT department. Cybersecurity is a new industry with new concepts and new requirements. And old school organizations have trouble with developing, because they surround themselves with low bid vendors and low-level expectations. So how do we fix this in organizations? We start by selecting the most challenging CSF standard, like NIST 800-171. Then we set an organization goal to achieve the requirements and pass internal and external audits in less than 2 years

Will there be challenges, yes. But if you follow the process to build policies, procedures, train, execute and verify steps for each control, your team will wake up within the timeline and you will be strong. Team strong, and not just with a handful of SMEs. This is how high technology companies are built. Set high goals and achieve them with everyone committed that they can respond in short order to any incident. The endstate is that your organization will reinvent itself, and you find new compliant partners like yourself and join the rest of the future driven organizations. The alternative is to do nothing and end up like Florida. It is your decision.

Related article: State lacks cybersecurity staff to counter threats to Florida | Miami Herald

At TechR2, we work with our clients to meet their requirements, but we are also as a leader in Cybersecurity, so we will assist organizations in meeting their CSF goals. TechR2 is CSF Strong.