The past year has led many people and organizations to depend more on technology, completely changing the way they operate. With the increased dependency on technology, it should come as no surprise that the number of breaches and security risks has increased as well.
In fact, cyber security attacks have risen by 35% during COVID and have exposed significant supply chain vulnerabilities in some of the largest government entities today. As a result, the Biden administration signed a new executive order defining cyber security requirements that government entities must meet, directed by organizational needs.
Some of the requirements include:
As it stands now, the requirements carry no deadlines for organizations yet. However, organizations that are trying to work with the government now face a new bar, similar to the impact on digital privacy seen with the enactment of the General Data Protection Regulation (GDPR).
In essence, this order is a way to define how organizations would need to operate and/or hold themselves accountable for security risks as a government entity. In this episode of AppSec Decoded, Tim Mackey, principal security strategist at Black Duck Cybersecurity Research Center (CyRC), discusses how this order will change the way government entities or the heads of those entities operate to adjust to the surge of security threats.