Several notable cyberattacks on critical infrastructure organizations this year highlighted the importance of the Defense Industrial Base (DIB) taking security seriously. Even if any DIB contractors wanted to resist, their time has run out.
In October, the Department of Defense (DOD) published the Cybersecurity Maturity Model Certification (CMMC) program as a final rule. Now federal contractors need to achieve compliance quickly in time for implementation in 2025.
CyberSheath aims to educate as much of the DIB as possible on what the DOD requires to keep our nation’s secrets safe. At CMMC CON 2024, we brought together industry experts, government officials, and defense contractors to discuss what businesses should be doing to comply.
Through our annual study conducted by Merrill Research, we learned that most of the DIB has a long way to go. A shockingly low 4% of defense contractors are fully prepared for CMMC certification, and too few have the right solutions in place. Only 15% have deployed patch management solutions, 21% have implemented multi-factor authentication (MFA), and 27% have adopted endpoint detection and response (EDR) solutions — all of which are required by CMMC.
If you’re one of the many searching for answers, CyberSheath can help. Through our CMMC managed services, we provide a comprehensive suite of services to help your organization secure and maintain compliance.
Our cybersecurity prowess has been recognized even outside of the industry — various media platforms seek guidance from our experts. CEO Eric Noonan penned op-eds this year that ran in Fortune and Nextgov/FCW. He was also routinely sought after by reporters for his insights. Here is a roundup of the top stories we added commentary to this year:
- Breaking Defense: When the DOD released the proposed rule for CMMC 2.0, Eric was asked to comment on the rollout and its implications for American supply chains.
- NBC News: The Change Healthcare ransomware attack had an outsized trickle-down effect on the industry, with patients struggling to get their medications. Reporters reached out to Eric to learn why paying the ransom would be the wrong thing to do.
- CNN: When AT&T disclosed a breach of call data from two years ago, Eric explained the importance of mandatory minimum cybersecurity practices and how they can protect Americans.
- CNN: Eric also explained how ransomware attacks, like the one that hit CDK Global and kept auto dealerships in the dark, can start with a phishing email and quickly spiral out of control.
- Axios: The healthcare industry faced a slew of attacks this year, and Eric simplified the issue — supply chains make cyberattacks much more complex.
- CNN: He also highlighted the importance of safeguarding critical infrastructure amid breaches like the one Halliburton faced.
- Breaking Defense: Our annual study conducted by Merrill Research highlighted how few contractors are ready for the CMMC 2.0 rollout next year.
As we head into 2025 and CMMC’s implementation, defense contractors must take immediate action to combat what the DOD openly calls a threat from China. While CMMC compliance may seem daunting, you don’t have to go it alone.
Learn more about our range of offerings to help you understand and achieve compliance.