IBM reports that data breaches targeting the public sector grew 78.7% in 2020-2021. President Biden met recently with private sector leaders from Tech, Education, Energy, Finance and Insurance companies to discuss how the public and private sectors can collaborate to improve the nation’s security.
On Wednesday, Aug. 25, President Joe Biden met with dozens of private sector leaders whose companies span multiple industries — Tech, Insurance, Finance, Critical Infrastructure and Education. Some of the Tech Who’s Who of companies include Amazon, Apple, IBM, Microsoft, and ADP. The White House’s press briefing states that the purpose of the meeting was to discuss how the public and private sectors can work together to help the country better address the cybersecurity threats targeting it.
It’s obvious why cybersecurity is such a priority for U.S. leaders. Data from IBM’s aforementioned 2021 Cost of a Data Breach Report shows that the United States continues to lead the way in terms of having the highest average total costs: $9.05 million in 2020-2021. Compare this to the average total cost of a data breach for businesses globally, which was $4.24 million.
But what did this meeting specifically entail? And what practical tips do industry leaders share regarding how businesses can improve their own cyber defenses?
Let’s hash it out.
An Overview of What President Biden & These Industry Leaders Discussed
This gathering of leaders focused on how public and private sector organizations can work together more closely than ever before on new cyber security initiatives. The gist of what President Biden shared was that for the nation as a whole to meet the new (and increasing) cyber threats, there needs to be greater collaboration between organizations and entities within these sectors.
In addition to the main meeting, three additional parallel sessions were held afterward that included Biden and members of his Cabinet and national security team. These meetings addressed:
- Concerns relating to cyber resiliency of critical infrastructure (finance, water and energy),
- How insurance and tech can help businesses improve their cybersecurity practices, and
- Ways to meet industry workforce needs through educating a skilled workforce.
Increasing Cyber Attacks & Breaches Underscore Need for Greater Security Across All Industries
In December 2020, the SolarWinds breach shook the cybersecurity industry to its core. The supply chain attack, which went undiscovered for an extended period before being identified and addressed, was a private sector event that left thousands of organizations, including U.S. government agencies and Fortune 500 companies, exposed in its wake.
But they’re not alone — organizations across all sectors are increasingly being affected by cyber attacks, many of which result in data exposure. IBM’s report breaks down the average total data breach costs of more than a dozen industries in 2020 and 2021.
By and large, with the exception of a handful of industries, the costs associated with these breaches are growing.
This series of meetings relates to several key cybersecurity-related initiatives that President Biden’s administration has pushed in recent months:
- Issuing an executive order that aims to improve security-related technologies to modernize federal defenses,
- Encouraging NATO to adopt a new cyber defense policy for the first time in seven years,
- Issuing a National Security Memorandum that outlines goals and expectations regarding improvements for critical infrastructure, and
- Announcing a new collaborative partnership between the National Institute of Standards and Technology (NIST) and other industry partners (including several of the tech companies mentioned below) that aims to improve IT supply chain security.
The Meeting Prompted Commitments From Tech & Other Industry Leaders
The White House’s press announcement shares the following highlights from tech leaders:
- Amazon has a two-part plan that involves:
  - Sharing their employee security awareness training with all AWS account holders (at no cost) starting in October, and
  - Providing qualified AWS account holders with multi-factor authentication (MFA) security devices to help secure their authentication processes.
- Apple plans to establish a new program that focuses on improving IT supply chain security by helping its suppliers adopt enhanced security processes and technologies.
- Google says their multi-part plan includes:
  - Investing $10 billion over the next five years to improve open-source and supply chain security, and
  - Helping 100,000 Americans skill up with industry-recognized certificates to help expand the cybersecurity workforce.
- IBM commits to increase workforce diversity and provide training to 150,000 people over the next three years.
- Microsoft will invest $20 billion over the next five years to ramp up the company’s efforts to create more advanced security solutions.
How You Can Improve the Security Practices & Defenses of Your Organization
We reached out to several of these companies via email to see if they could share one practical cybersecurity tip to help businesses become more cyber secure. Amazon Web Services (AWS) responded with the following, highlighting the importance of adding layers to your security:
“We know that one of the best defenses against sophisticated adversaries are hardware authentication tokens. Multi-factor authentication (MFA) offers layers of protection against malware, phishing, and session hijacking, while also providing the ability to connect with other token-enabled applications, such as popular webmail services. At AWS, we see better security results when customers use MFAs. That’s why we’ve made the decision to offer all qualified AWS account holders access to a free multi-factor authentication (MFA) token, starting in October.”
Tim Byrd, Chief Information Security Officer at the financial services company TIAA (Teachers Insurance and Annuity Association), shares the following:
“The best advice I can give is to invest in well-trained cybersecurity associates. At TIAA, we have partnered with higher education institutions like NYU Tandon to make continuing education easy to access and affordable. Our associates become subject matter experts and we are better able to protect our clients.”
Code.org CEO Hadi Partovi, who also participated in the event, reiterated the importance of education on his Twitter page following the meeting.
But in addition to training your employees and other authorized users, what are some of the other things small businesses, enterprises, and other organizations can do to shore up their cybersecurity defenses?
- Carry out regular cybersecurity risk assessments as part of your vulnerability management efforts.
- Use access controls and access management best practices to ensure that only verified, authorized users can access your secure resources and sensitive data.
- Implement steps to improve your data center security and take your physical IT infrastructure to the next level.
- Secure your digital resources against SQL injections, cross-site scripting, and other web application attacks.
- Use encryption to secure your data both when it’s at rest and in transit (such as by using a website security certificate for the latter).
- Follow email security best practices and use BIMI and VMCs (“brand indicators for message identification” and “verified mark certificates”) to increase brand recognition and security.
This gathering at the White House represents the first step toward greater collaboration between public and private sector organizations. But what would likely make these collaborations greater and more effective would be to include the IT security, cyber security and risk management leaders within these organizations as well.
Inviting the CISOs, CIOs, and senior managers from across these different private sector organizations would be a smart move. They bring years of practical, technical knowledge, skills and experience to the table. When you’re working to create practical solutions to these security challenges, these voices should be included in these important conversations.