Tech companies pledge billions to bolster cybersecurity investments

Some of the country’s leading technology companies have committed to investing billions of dollars in strengthening cybersecurity defenses and in training skilled workers, the White House announced, following President Joe Biden’s private meeting with top executives.

Google announced it would invest $10 billion over the next five years to expand zero-trust programs, help secure the software supply chain, and enhance open-source security. Google also announced it would help 100,000 Americans earn industry-recognized digital skills certificates that provide the knowledge that can lead to secure high-paying, high-growth jobs.

IBM announced it would train 150,000 people in cybersecurity skills over the next three years and partner with more than 20 Historically Black Colleges & Universities to establish Cybersecurity Leadership Centers to grow a more diverse cyber workforce.

Microsoft announced it would invest $20 billion over the next five years to accelerate efforts to integrate cybersecurity by design and deliver advanced security solutions. Microsoft also announced it would immediately make available $150 million in technical services to help federal, state and local governments upgrade security protection and expand partnerships with community colleges and non-profits for cybersecurity training.

Amazon announced it would make available to the public at no charge the security awareness training it offers its employees. Amazon also announced it would make available to all Amazon Web Services account holders, at no additional cost, a multi-factor authentication device to protect against cybersecurity threats like phishing and password theft.

Apple announced it would establish a new program to drive continuous security improvements throughout the technology supply chain. As part of that program, Apple will work with its suppliers — including more than 9,000 in the United States— to drive the mass adoption of multi-factor authentication, security training, vulnerability remediation, event logging, and incident response.

Commenting on the news, David Gerry, Chief Revenue Officer at NTT Application Security, says, “This summit, and resulting commitments and initiatives, mark a positive step in raising awareness of the national cybersecurity attacks proliferating our nation’s private sectors. The summit allows for ideas, best practices, as well as transparency to be shared between technology vendors and government organizations. It’s great to see leaders within the financial and utility sectors specifically, which have been hit hard this past year, come together to create actionable plans around proactive security strategies.”

Cyber insurance provider Resilience also announced they would require policyholders to meet a threshold of cybersecurity best practice as a condition of receiving coverage. Cyber insurance provider Coalition said it would make its cybersecurity risk assessment and continuous monitoring platform available for free to any organization. “While everything in the press release is positive from a cybersecurity perspective, I’m especially excited to see that Resilience is requiring minimum cybersecurity standards as a condition of coverage,” says Jake Williams, Co-Founder and CTO at BreachQuest. “Many organizations view cyber insurance as an alternative to implementing security controls rather than as a complement to those controls.”

Jack Kudale, founder and CEO of Cowbell Cyber, says, “We are fully supportive of the government initiative to bring more resources to help businesses protect themselves. We applaud Amazon’s commitment to make security awareness training available at no charge and deliver multi-factor authentication (MFA) to all Amazon Web Services account holders. Such basic defenses should be in place everywhere. The security crisis is acute within the small and mid-size business segments. Incentives to drive change and adoption of fundamental cyber hygiene practices, including cybersecurity and cyber insurance, will change the balance of power between businesses and cybercriminals. Cowbell Cyber is eager to support the above with cyber insurance and risk management resources with free, continuous risk assessment to all businesses along with risk insights with recommendations to mitigate security weaknesses.”

President Biden also announced that the National Institute of Standards and Technology (NIST) would collaborate with industry and other partners to develop a new framework to improve the security and integrity of the technology supply chain. The approach will serve as a guideline to public and private entities on building secure technology and assessing the security of technology, including open-source software. Microsoft, Google, IBM, Travelers, and Coalition committed to participating in this NIST-led initiative.

In addition:

The Biden Administration also announced the formal expansion of the Industrial Control Systems Cybersecurity Initiative to a second major sector: natural gas pipelines. The initiative has already improved the cybersecurity of more than 150 electric utilities that serve 90 million Americans.
Code.org announced it would teach cybersecurity concepts to over 3 million students across 35,000 classrooms over three years, teach a diverse population of students how to stay safe online, and build interest in cybersecurity as a potential career.
Girls Who Code announced it would establish a micro-credentialing program for historically excluded groups in technology. The program will make scholarships and early career opportunities more accessible to underrepresented groups.
The University of Texas System announced it would expand existing and develop new short-term credentials in cyber-related fields to strengthen America’s cybersecurity workforce. A significant part of this effort will be to upskill and reskill over 1 million workers across the nation by making available entry-level cyber educational programs through UT San Antonio’s Cybersecurity Manufacturing Innovation Institute. Credentials do not depend on traditional degree pathways and should also contribute significantly to diversifying the pipeline.
Whatcom Community College announced it has been designated the new NSF Advanced Technological Education National Cybersecurity Center and will provide cybersecurity education and training to faculty and support program development for colleges to “fast-track” students from college to career. The nature of community colleges dispersed in the U.S. makes them an ideal pipeline for increasing diversity and inclusion in the cybersecurity workforce.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

How can security leaders charged with investigations handle the management of interviewers and interrogators, as well as handle interviewing, including dealing with false confessions and misleading information?