Over the years, we have listened to and watched SMEs and OEMs talk about their efforts in cybersecurity. But when all is said and the assessment begins, across the nation the majority of SMEs and OEMs have their networks supported by non-compliant third-party vendors. Dig into the IG and GAO reports, as well as breach after-action reports, and you find the same untrained and non-compliant weak link: unvetted support businesses. Examine their service agreements, and even CSF-certified organizations are missing cybersecurity requirements such as NIST and ISO controls. So, what should we do? We should start our transition to NIST and ZTA today, so that we do not fall behind as a business. The largest OEMs have promised the US government in Washington, DC that they will change and adopt NIST and ZTA, and they have promised to spend billions on the transition. That is a start. The defense industry is farther along the conversion path, with NIST SP 800-171 and CMMC requirements that will affect hundreds of thousands of companies in the supply chain. One of the worst decisions you can make in business is not to change; the only thing worse is to keep using non-compliant cybersecurity support. Soon enough you will be asked to show your CSF credentials, and if you have none, you will lose the business. So, during the last week of Insider Threat month, start fixing the problem in your own area.
During the last week of Insider Threat month, consider replacing the non-compliant third parties who have insider access to your network. The difference between a CSF-compliant organization and one that is not is like night and day.