How clearly can you see the forest? The Defense Industrial Base (DIB) is ramping up its cybersecurity efforts. Are you ready for the CMMC audits next year? And is CMMC enough?

According to the “Behind the Firewall: Assessing Cyber Resilience in U.S. Manufacturing” report published in June 2024 by the DoD, 82% of companies are boosting their cybersecurity budgets. This surge in investment reflects a broader commitment to protecting our national security.

Key areas of focus include:

• Endpoint security, network security, and data encryption.

• Machine learning (ML) and artificial intelligence (AI) for better threat management.

• Proactive cybersecurity strategies using SOAR tools.

One of the big disappointments in the report was the lack of questions about social engineering. According to a 2023 Verizon study, 74% of information compromises are due to human error or insider threats – not hackers brute-forcing their way into vulnerable systems. The CMMC requirements for Authorized Access Control (AC.L1-3.1.1), Separation of Duties (AC.L2-3.1.4), Insider Threat Awareness (AT.L2-3.2.3), and the Audit and Accountability practices touch on the human element, but they skirt around the subject.

This underscores the importance of having a comprehensive information security program that addresses not only the controls needed to pass CMMC audits but also the intent of the DFARS clauses: protecting our critical defense information.

The CMMC audits are a wake-up call for all DIB manufacturers. Most seem to be planning budgets for them and realize they need to get ready. But it is not clear that those budgets include comprehensive planning to achieve the end goal.
