When the Department of Defense introduced the new Cybersecurity Maturity Model Certification (CMMC) program in 2020, all companies supporting DOD were faced with a new and potentially costly requirement.
While at first look this may feel like another government process that could slow things down, the stakes have never been higher. The SolarWinds attack, a state-sponsored attack where hackers infiltrated the SolarWinds Orion software supply chain to gain access to networks across the government and private sector and then pivot into deeper services, affected hundreds of organizations and at least nine federal agencies. The Colonial Pipeline ransomware attack shut down a major pipeline that supplies fuel to the eastern U.S., causing panic – and gas stations to run dry. The security flaw in Pulse Secure Connect may have impacted several federal agencies, giving hackers free reign over vulnerable networks. Zscaler just published a report analyzing the attack surface of more than 1,500 organizations, showing startling vulnerability levels, particularly within public clouds.