Top 2023 Takeaways: Cybersecurity protections, policies, and lessons learned

Cybersecurity has often been the great equalizer for industries, enterprises, operations, and governments alike, and this year saw some tidal shifts in U.S. national policy, state and local approaches, and overall awareness of the size and scope of actual and looming threats from a host of bad actors. Factoring in even more profoundly in 2023 were the major geopolitical conflicts seen in Ukraine and with Hamas-Israel. Cybersecurity is known to have been wielded as a weapon in these types of conflicts, through more sophisticated and persistent attacks. Targeting critical infrastructure continued to be of concern, and given the coordinated casino attacks seen in Las Vegas, Nevada during the summer, cybersecurity is entering into exponentially more conversations than ever before.

CAI explored a variety of angles with cybersecurity this year. Each resource details key considerations and approaches governments can factor into their current and future threat strategies.

Summary of the 2023 National Cybersecurity Strategy: Parts 1, 2, and 3

In March 2023, the Biden-Harris Administration released the National Cybersecurity Strategy, with the goal of providing safe, reliable, and secure internet for business and personal use. Multiple goals were outlined in the introduction and the subsequent pillars. Part 1 of our series reviews the introduction to the strategy, where the President details how it is designed to "better secure cyberspace and ensure the United States is in the strongest possible position to realize all the benefits and potential of our digital future.” ¹ Pillar 1, which focuses on defending critical infrastructure, is also reviewed in this installment.

Part 2 of the series goes into a little more depth on pillars 2 and 3 of the National Cybersecurity Strategy. Pillar 2 focuses on disrupting and dismantling threat actors, with the hope that cybercriminals will abandon malicious activities as an effective means to their monetary or nation-state goals. Pillar 3 discusses shaping market forces to drive security and resilience through good cyber-hygiene throughout the development and implementation of technology.

Part 3 closes the series with an exploration of pillars 4 and 5, with pillar 4 looking ahead to investments in resiliency that build foundations for a secure cybersecurity future. The hope for pillar 5 is to forge international partnerships to pursue shared goals, such as maintaining a free, reliable, and secure internet.

Protecting California’s critical infrastructure against cyberattacks

As the United States’ most populated state, California’s infrastructure is an attractive target for a variety of threat actors. Specifically, their sanitation districts—which are county-run public agencies that manage the conversion of waste into resources like recycled water, energy, and recycled materials. One southern California county serves more than 5 million people, with a service area of more than 800 square miles. Any cyber vulnerability could have dire consequences if not properly protected.

Read their story to learn how CAI was able to partner with this sanitation district to provide a managed detection and response (MDR) solution that intelligently integrated with existing systems to monitor endpoints, networks, and various IT resources for security events through adaptive system protection.

Protecting local transit from cyber threats

A large, public mass transit agency that oversees commuter rail operations for 6 counties across its state knew that, due to their position and size, they were an attractive target for cyberattacks. Needing assistance in 5 key operational areas, the agency prioritized improving their monitoring capabilities, strengthening their cyber posture, and becoming better prepared overall. Because of CAI’s trusted partnership with the major metropolitan city within which they operate, the agency was aware of our cyber capabilities.

Discover exactly how CAI was able to partner with the transit agency and the results they experienced by reading their story.

What can organizations learn from the recent casino cyberattacks?

If there is anything the August 2023 cyber incidents involving MGM Resorts International and Caesars Entertainment in Las Vegas, Nevada reinforces, it’s the importance of continuously assessing your cybersecurity posture. Evolving and maturing alongside the threat landscape is vital to ensuring organizations are minimizing cybersecurity risks. Learn some key steps to increase protection, improve detection, and recover with the fewest disruptions as you walk through a proactive cybersecurity assessment framework. Read the full article.

Cybersecurity insurance can be affordable

As cybersecurity threats continue to rise, insurance premiums are following suit, leaving many local governments to wonder if coverage is monetarily feasible and considering operating without insurance. With the average cost of a breach being $4.45 million² and continuing to increase, cybersecurity insurance is an important tool to help organizations respond to and recover from the financial implications of an attack. Which raises the question, what steps can be taken to make the investment in cybersecurity insurance more budget friendly? From maturity assessments that make dollars and sense, to remediation roadmaps and best practices, gain some key insights on navigating the path by reading the full article.

A look at the year to come

With so many resources dedicated to cybersecurity in 2023, what could possibly be on the agenda for 2024? The article 7 Cybersecurity predictions for 2024 highlights some key considerations for leaders seeking to mitigate risk while continuing to innovate within their organizations. From the growing sophistication of cyberattacks and the benefits and risks of artificial intelligence (AI), to defending against identity-based attacks and closing the gap on the talent shortage, read the full article to ensure your organization has a direction for the future state of your cybersecurity.