• Solutions
    get-secured-now-icon
    ArmorText Suite

    Designed to protect your most critical roles and operations without compromising security or compliance.

    Schedule A Demo
    Products Menu Icon
    Products
    Services Menu Icon
    Services
    Competition Menu Icon
    Competition
  • Use Cases
    Use Cases Menu Icon
    Tier & Protect Strategy™

    Government and defense utilize distinct channels for secret and top secret comms. Your SOC, IR, and Theat communications deserve that same treatment. Deploying an Out of Band comms tool is easy as it runs alongside your day-to-day comms and is only used by a select group of critical roles in your org.

    Schedule A Demo
    Use Case Menu Icon
    Use Cases
    solutions-icon
    Business Case
  • Company
    armortext-footer-logo
    Who We Are
    When a crisis hits, there’s no room for error. You need a partner with proven information security knowledge and real-world problem-solving expertise. ArmorText is here for you.
    About Us
    Company Menu Icon
    Company
  • Resources
    resources-icon
    Resources to
    Keep You Secured
    Keeping your communications safe from the bad guys is an always-moving target. Check out these resources for the latest news, views, and tips on staying safe.
    Learn More
    Resources Menu Icon
    Resources
    Start Here Menu Icon
    Start Here
  • Get Secure Now
    download-icon
    Get Secure Now
    Don’t wait for a cyberattack to put a secure communications plan in place. Get in touch with us today to schedule a personalized ArmorText demo.
    Learn More
    laptop-icon
    Pricing & Downloads
Search
Schedule a Demo

Cybersecurity is a Shared Responsibility

Introduction

In today’s interconnected world, the cybersecurity landscape is evolving at an unprecedented pace. Two major perspectives have emerged in the discourse, with one focusing on organizational accountability for cybersecurity and the other shifting the responsibility from customers to manufacturers. These viewpoints are not mutually exclusive, but rather, they form a composite picture of the cybersecurity reality we face today.

Organizational Responsibility in Cybersecurity

Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), has championed the perspective of organizational responsibility in cybersecurity. Easterly emphasizes that enterprises must consider cybersecurity as a matter of good governance and daily operational practice. Rather than relying solely on Public Service Announcements (PSAs) or reactive measures, Easterly asserts that strong cyber defense should be embedded in all sectors, with organizational leadership holding accountability for their cybersecurity infrastructure.

Shifting the Burden – From Customers to Manufacturers

In recent times, there has been a significant push towards shifting the responsibility of cybersecurity from customers to manufacturers. This shift is reflected in the release of a new set of principles by a coalition of federal and international security agencies, which urges technology manufacturers to prioritize customer safety and incorporate built-in cybersecurity features in their products. This secure-by-design and secure-by-default approach aims to ensure that products are resilient against prevalent exploitation techniques, thereby reducing the cybersecurity burden on organizations.

The Role of Enterprises – The “Left of Bang” Perspective

However, this shift does not absolve enterprises of their responsibility in maintaining cybersecurity. The concept of “Left of Bang” – being proactive rather than reactive to threats – is a critical aspect of enterprise responsibility. Organizations must adopt and use protective measures not just in case of an actual breach, but in anticipation of potential threats.

Take for example communications. Many organizations have begun to adopt and plan for the use of out of band communications channels in case of an incident. But, moving “Left of Bang”, requires a transition from merely using these channels to communicate in response to incidents to securing day-to-day communications, particularly in Security Operations, DevSecOps, and Threat Intel Sharing.

Why is there such an emphasis on these areas? These fields of operation within an organization often contain highly valuable information that, if fallen into the wrong hands, could provide threat actors with the roadmap they need to perpetrate or continue their attacks. By understanding the potential risk within these pre-incident communications, organizations can mitigate the likelihood of these valuable details being exploited by threat actors.

The idea is not to wait for the “bang” – the security incident – but to take action to the left of it. The specifics of what makes these areas so critical and the types of valuable information they often contain is a topic that deserves its own dedicated treatment and will be explored further in a future discussion.

The Shared Responsibility Model – A Balance of Onus

In the grand scheme of things, cybersecurity follows a shared responsibility model where both manufacturers and organizations play pivotal roles. Not all products can offer the same levels of security while maintaining expected functionality and user experience. This necessitates a “Tier and Protect Strategy™️,” where different tiers of communication and data are given varying levels of protection based on their sensitivity and importance. This approach mirrors strategies long employed by government, defense, and intelligence agencies in dealing with classified and unclassified information. ArmorText enables the private sector to adopt this proven strategy for communications and collaboration, bringing the right levels of security where it’s needed most, without requiring all communications to move over to ArmorText unnecessarily.

Conclusion

Cybersecurity in today’s world is a multifaceted issue, with organizational accountability, manufacturer responsibility, and enterprise vigilance playing essential roles. By adopting a proactive stance and embracing the shared responsibility model, we can create a safer digital environment for organizations. It’s not just about avoiding the “bang” but moving left of it, working together to ensure our cyber infrastructure is robust and resilient. The exchange of ideas, principles, and strategies between the government and the private sector will ultimately benefit all, fostering a dynamic and collaborative cybersecurity landscape that continually evolves and improves.

Share on social

Let’s see what Armortext can provide for your company.

Schedule a Demo
Speak to An Expert

Other blog posts

armortext-footer-logo

A Secure Out of Band Collaboration Platform for Critical Communications

Navigation

Download

Get In Touch

Schedule a Demo With Our Team Now

Copyright 2022 ArmorText | All Rights Reserved

Schedule a Demo
Search