
What Can Your Organization Learn From the New CISA Strategic Plan?

Cyber attackers have come a long way, so your security approach needs to, too

by FTI Consulting
January 11, 2023
in Cybersecurity

Cyber threats against organizations of all sizes are only rising as scammers and fraudsters become more and more sophisticated. Kyung Kim and Sara Sendek of FTI Consulting dig deep into the recently released CISA strategic plan for tips on adopting the federal recommendations.

Way back in the early days of the internet — 1989 to be exact — a malicious actor committed the first-known ransomware attack in history using floppy disks. He sent these to victims via regular old-fashioned hand-delivered mail.

Flash forward to today and ransomware attacks are far more sophisticated, bold and rampant, posing a serious threat to businesses and governments worldwide. According to the FBI, at least 649 organizations from multiple critical infrastructure sectors across the U.S. reported ransomware attacks in 2021. But given that many of these attacks go unreported, it is impossible to know the real number.

For all their sophistication, what makes ransomware attacks so tricky to combat is how easy it is for hackers to deploy the malware. A malicious actor simply needs to dupe a single victim to gain access to an organization’s entire network. And as more of us use personal devices in our work communications, the surface area for an attack grows larger.

The U.S. federal government created the Cybersecurity and Infrastructure Security Agency (CISA) in 2018 with the goal of understanding, managing and reducing risk to the nation’s cyber and physical infrastructure. In September 2022, CISA issued its first comprehensive strategic plan. The 2023-25 CISA strategic plan addresses the current challenges faced by the public and private sectors and charts a path forward by focusing on four strategic goals: cyber defense, risk reduction and resilience, operational collaboration and agency unification.

A four-pronged approach

If business leaders want to properly adopt CISA’s recommendations, they will need to take a careful look at their organization’s infrastructure to identify strong and weak points, with cybersecurity teams leading the charge. However, to truly strengthen cybersecurity, all sectors of the business will play a role. Granted, there is no prescribed order, so organizations must determine which of the following four areas is the best place to start.

One area to begin with is cyber defense. In its report, CISA states that its goal is to “spearhead the national effort to ensure the defense and resilience of cyberspace.” Similarly, organizations must make a concerted effort to protect themselves by doing the following:

  • Enhancing the ability of the organization to withstand cyber attacks and incidents.
  • Increasing the organization’s ability to actively detect cyber threats that target critical networks.
  • Driving the disclosure and mitigation of critical cyber vulnerabilities.
  • Advancing the cyberspace ecosystem to drive security-by-default.
  • Investing in cybersecurity and ensuring board members and executive leadership have heard from their CISOs and are familiar with the cyber risks at hand.

From there, organizations will want to turn their attention to reducing risk and increasing resilience. That means identifying which areas of the business are most critical, pinpointing specific vulnerabilities and taking steps to patch any security gaps. Remember, it is not a question of if but when a cyber incident will occur. Organizations that are the most resilient to attacks have a plan in place and have practiced and communicated that plan from their boards down. Organizations can solidify their strategies by:

  • Expanding visibility into risks to infrastructure, systems and networks.
  • Advancing the organization’s risk analytic capabilities and methodologies.
  • Enhancing the organization’s security and risk mitigation guidance and impact.
  • Building greater stakeholder capacity in infrastructure and network security and resilience.
  • Increasing the organization’s ability to respond to threats and incidents.

Throughout, an organization should focus on strengthening its operational collaboration, which includes proactive information sharing. In many cases, organizations will have systems in place for effective collaboration, but if the cybersecurity push is coming from only one sector of the business, it will never truly stand up to today’s ever-evolving threat landscape. Per CISA’s recommendations, organizations should look to:

  • Optimize collaborative planning and implementation of stakeholder engagements and partnership activities.
  • Fully integrate regional offices into the organization’s operational coordination.
  • Streamline stakeholder access to, and use of, appropriate cybersecurity programs, products and services.
  • Enhance information sharing with the organization’s partnership base.
  • Increase integration of stakeholder insights to inform business product development and mission delivery.

The importance of collaboration cannot be overstated, which is why CISA prioritizes agency unification. For some time now, organization leaders have been discussing this concept of integrating functions, capabilities and the workforce. However, viewing this effort through the lens of cybersecurity may be a way to increase awareness around safe cybersecurity practices. Keeping with CISA’s recommendations, organizations should aim to:

  • Strengthen and integrate the organization’s governance, management and prioritization of cybersecurity best practices.
  • Optimize business operations to be mutually supportive across all divisions.
  • Cultivate and grow the organization’s high-performing workforce.
  • Advance the organization’s culture of excellence.

Looking ahead

It is hard to believe that something as primitive as a floppy disk could once have posed such a serious threat to business. Then again, given the pace of ransomware attacks today, we may look back at this time in the same light. Any way you slice it, the threat landscape is growing more insidious. The best way to fight back is by implementing proactive measures focused on readiness and resilience, following the guidance of industry leaders and reviewing the CISA plan.

This article was first published at FTIConsulting.com. It is republished here with permission.

