As high-profile ransomware and other cyberattacks have spiked over the past year, the Small Business Administration (SBA) is working to prevent and mitigate them by leveraging capabilities from the Continuous Diagnostics and Mitigation (CDM) program and by working with organizations including the Cybersecurity and Infrastructure Security Agency (CISA) – which runs the CDM program – and the Federal Bureau of Investigation (FBI).
During FCW’s CDM Summit virtual event on November 4, Kelvin Moore, SBA’s chief information security officer (CISO), said the agency has used CISA and FBI guidance in several ransomware preparedness initiatives. Those include guidance on zero trust initiatives, cyber defensive training, enterprise admin restriction, and centralizing hardware or software management.
“As an agency, we support small businesses, and these companies make our economy grow in the U.S., so we have to make sure that our initiatives work,” Moore said. The CISO also pointed to recent agency FISMA scores that he said speak volumes about the agency’s continuous efforts to implement best practices and strategies while leveraging CDM capabilities.
Some best practices SBA has in place, Moore said, include:
- Remedying vulnerabilities through the distribution of patches;
- Ensuring SBA systems are implemented with compliant and secure configuration baselines;
- Information sharing and reporting;
- Constant monitoring of SBA systems and immediate responses to unusual activities;
- Predictive cyber threat gathering; and
- Threat actor monitoring and analysis.
“We have led phishing campaigns to educate our workforce and mitigate these threats. We have also monitored incident responses and encouraged our staff that when they see something that doesn’t feel right, they say something. We have also scanned for vulnerabilities in our web applications to determine what safeguards we have to build up,” Moore said.