“Considering the level of network access and privileged capabilities that cybersecurity staff have, it is highly concerning that the entire cybersecurity apparatus is being handed over to non-PRA entities.” reads a memo obtained by news agency Axios.
“Given all of the changes I’ve seen in the past three months, I foresee the White House is posturing itself to be electronically compromised again. Allowing for a large portion of institutional knowledge to concurrently walk right out the front door seems contrary to the best interests of the mission and the organization as a whole.”
The above quote is part of the resignation letter sent by former White House Computer Security Chief Dimitrios Vistakis. It’s a scathing indictment of the agency’s decision to eliminate the Office of the Information Security Officer, established in the wake of a 2014 cyberattack that resulted in a temporary disruption to several key services. Vistakis believes that the White House is prioritizing the president’s comfort over national cybersecurity.
And he may be right. As noted by The Next Web, the Office of the Chief Information Security Officer (OCISO) isn’t the only technology-related agency that’s been gutted in recent months. The Office of Science and Technology and the National Science and Technology Council have been hit with similar cuts.
The only thing that is certain is that defunding these departments is a terrible idea. We’ve said on more than one occasion that securing corporate assets and information is a team effort, and that still holds true. It’s still everyone’s responsibility, and maintaining a culture of cybersecurity is essential.
At the same time, your organization needs security personnel to direct your efforts. It needs men and women with the necessary expertise to understand which assets need to be protected, why, and from what. In his resignation letter, Vistakis predicted that history will repeat itself – that in the absence of the OCISO, the federal government will again suffer a data breach.
It’s truly not a question of if, but one of when.
As for your own organization, it doesn’t matter if you’re in the public sector or the private sector. It doesn’t matter how large or small your organization is. It doesn’t matter whether or not you think you have data that would be valuable to criminals.
Because inevitably, someone will target you. And if you don’t bother with a cybersecurity team or foist security off on unqualified people, you’ll suffer for it.
Don’t make that mistake. Prioritize the protection of your own assets. Focus on hiring qualified personnel and arming them with the resources they need to protect your business. Only once you’ve done that can you focus on bringing others on board. Because otherwise, you won’t know where to start.