The President has certainly been busy with budgets this week. Trump has proposed his first federal budget which would give the Department of Homeland Security (DHS) $1.5 billion for cybersecurity. The budget request would slash spend in other government agencies and departments - historically deep cuts - but would prioritize DHS funding, upping it by 6.8 percent. The request, which will be formally delivered to Congress today, also emphasizes the need for increased cooperation between the government and the private sector on cybersecurity.
The proposed budget “safeguards cyberspace with $1.5 billion for DHS activities that protect federal networks and critical infrastructure from an attack,” according to the blueprint. The proposal would essentially cut down or simply get rid of many of the Great Society programs that Republicans have tried to get rid of for years, while making it rain Oprah-style on the Pentagon and Department of Homeland Security (you get new resources, and YOU get new resources...).
According to the Office of Management and Budget Director Mick Mulvaney, who drafted up the request, the budget is based off of promises that Trump made during his campaign. “Through a suite of advanced cybersecurity tools and more assertive defense of government networks, DHS would share more cybersecurity incident information with other federal agencies and the private sector, leading to faster response to cybersecurity attacks directed at federal networks and critical infrastructure,” the blueprint states.
I think we can agree that these are, again, great strides, but remember that Trump has dangled the cyber carrot a few times before without any follow-through. He has stated repeatedly that he aims to make cybersecurity a priority during his presidency, but hasn't yet signed an executive order (think back to the January fakeout).
So, assuming this will indeed go into effect this time, just how would it work? How would the government prioritize cybersecurity? White House adviser Thomas Bossert stated on Wednesday that the Trump administration would require departments and agencies to build a federal cybersecurity framework and accompanying metrics to essentially "score" them on their implementation. The administration would also hold agencies and government departments accountable for their own cybersecurity efforts, and would utilize the whole federal network to become “a larger, more capable, and more lethal joint force.”
It will be interesting to follow this story as it unfolds, and to see if pen is actually put to paper this time around. Our second story brings up a still-prevalent topic in the cyber arena - ransomware. It never went away, but cybersecurity experts have recently surfaced a fresh wave of concerns regarding the horrid attack type. According to the cyber community, smartphones, watches, televisions, fitness trackers and perhaps *cough* microwaves *cough* could be used to hold people to ransom over personal data.
Ransomware has skyrocketed in popularity for hackers in the past year. Not only are personal devices targets, but the risk to business is "significant and growing," states the National Crime Agency and National Cyber Security Centre. A joint report from the NCA and the NCSC says cyber crime is becoming more aggressive. "More devices connecting to the internet meant opportunities for criminals."
In the portion of the report aimed at businesses, the NCA and NCSC state that "This data may not be inherently valuable, and might not be sold on criminal forums but the device and data will be sufficiently valuable to the victim that they will be willing to pay for it." And that's what makes it work so well - hitting folks right in the feels.
Devices must be protected, particularly when it comes to business networks and remote systems. Even something as simple as updating passwords goes a long way. The NCSC also stated that cyber-attacks will continue to evolve and the public and private sectors must work diligently to reduce the threat to critical services and deter would-be attackers.
Our last story takes a look at a new unique DR alliances program that disaster recovery software company Zerto just announced. The program involves partnerships with the likes of companies such as Nutanix, Pure Storage, Amazon and others. In the wake of the increasing number of major cybersecurity incidents (think Delta, Yahoo, DYN, AWS S3, etc.), the idea of the new alliances program is for like-minded tech organizations to be able to easily partner to offer hyper-customized and rigorous IT resilience products to market at a time when it’s sorely needed.
The sheer number of cybersecurity and data disaster incidents are more or less forcing vendors to work together to provide the market with solutions that adequately address this growing problem; solutions to give customers options not otherwise available.
According to experts at Zerto, companies are over-investing in IT security and not putting enough attention towards 'after-the-fact' measures - that is, how to minimize impact when something bad does happen. Organizations need to realize that a breach or disaster of some kind is inevitable and they should be prepared for when, not if, it does.
“Strategic partnerships and alliances have always been a crucial element of Zerto’s success,” said Peter Kerr, Director of Technical Alliances, Zerto. “This program expansion serves to formalize a platform that provides more joint value between Zerto and our alliance partners to mutually grow our businesses, while helping to better serve customers.”
The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.