Guardian Digital Perspective on CISA Cybersecurity Strategies for 2023-2025

This past September, the Cybersecurity and Infrastructure Security Agency (CISA) released a strategic plan for the first time in CISA's history. The road map covers 2023-2025 and outlines four goals to guide the organization as it continues to grow and push America into a higher level of cybersecurity.

The organization aims to "spearhead the national effort to ensure the defense and resilience of cyberspace," help partners protect critical infrastructure, and support more vital "whole-of-nation operational collaboration and information sharing." This article will discuss the four goals in greater detail, threats to your business's cybersecurity, and tips to prevent successful attacks.

The CISA has claimed that cyber actors' threats are projected to grow in the upcoming years and establish themselves as a new normal. They threaten every branch of business and personal life across the globe, and thus the recent step-up in tactics. The Russian invasion of Ukraine enacted the "Shields Up" warning from the CISA. It was an announcement that they would be more vigilant against possible cyber threats from Russia during the war. Just months later, the director of the CISA said this should be the baseline for future protection. This is unified by the CISA's new four critical points in creating a better-protected digital space and reinforcing partnerships. 

CISA’s Four Key Points

• The CISA will push for a national effort of defense against cyberattacks. By providing more effort and funding, CISA can mitigate attacks on critical operations of the United States. 
• The rest of America's infrastructure will get support as well. The national effort will identify critical risks to infrastructure, gather why they are vulnerable, and take action to reduce possible risks. They are essentially offering their services to not only protect themselves but others as well. 
• To build on the last, the CISA will continue to build stronger relationships between the government, multiple industries, schools, and overseas partners. This will cover cyber and physical infrastructure, sharing the protection responsibility with others. 
• Lastly, they claim to unify the CISA by building a core structure of values and principles to encourage transparency and cost-efficiency.

The key points identified will strengthen smaller organizations while streamlining the security process for companies of any size. Their core values of collaboration, innovation, service, and accountability shine within these points and paint the path to their plans. The CISA has a mission to lead a national effort to reduce cyber/physical infrastructure risk while delivering exceptional collaboration to maintain a great economy and citizens' safety.

Keep Learning About Cyber Threat Protection

It is essential to understand the threats against which the CISA is protecting. Over 90% of common attacks initiated via email include phishing, business email compromise (BEC), malware, and ransomware. Phishing is the most prevalent attack to email, in which cybercriminals pretend to be someone else with a sense of urgency to confuse and steal information from a victim. BEC attacks are similar but are internal to a company. These phishing emails present themselves as higher-ups in a company trying to bait an employee into giving access to a server or system. Malware attacks can encrypt or delete sensitive data from a computer and hijack systems. These are brutal attacks that leave systems very vulnerable. Ransomware attacks will block access to important files until a fee is paid. Once a fee is paid, the files are either partially returned or obliterated. 

With this in mind, it is not only the CISA that can protect against these attacks. By learning more about them and the best practices to keep them safe, anyone can protect themselves and their business from these attacks. 

• Learn more about effectively protecting your business from ransomware.
• Keeping the integrity of your email safe requires securing the cloud with spam filtering and enterprise-grade anti-spam services.
• Get the latest updates on how to stay safe online.