Thomas Etheridge, vice president of services at CrowdStrike, has said that agencies must implement basic cyber hygiene and patch systems within 30 days to ensure preventive maintenance and avoid large-scale cyberattacks.
Etheridge wrote in a Nextgov piece published Friday that agencies must also create a risk management program for contractors to reduce cyber breaches from third parties, including supply-chain-level vendors.
Agencies must also deploy multifactor authentication for login credentials, apply cybersecurity maturity assessments when considering potential third-party partners and launch “red team” exercises that simulate real-world attacks.
According to Etheridge, agencies are responsible for understanding the capacity of vendors to detect and prevent end-to-end cyber breaches.
“CrowdStrike found supply chain and third-party risks are frequently cited by mature organizations as among their top cybersecurity concerns due to the challenges in preventing such attacks and the damage they can inflict,” Etheridge said.
“Your agency needs a thorough understanding of the endpoint protection or system security protection and prevention mechanisms that are in place in vendors’ environments, including for their third parties,” he added.