As a 20+ year veteran of the United States Secret Service, providing protection for two sitting Presidents, it was incumbent upon us to painstakingly ensure necessary protocols were in place for every engagement, both foreign and domestic. These protective engagements sometimes began months in advance of a scheduled trip or public event in order to meet with local agencies and clarify the logistics of the eventual movement. The advanced countermeasures we took were meticulously detailed routines as part of a thorough set of guidelines and internal regulations designed to ensure no stone was left unturned. We prepared for any number of unlikely emergencies on the rare chance something unforeseen were to occur. The unfortunate reality of our job was that a single misstep could be the ultimate cause of a cataclysmic disaster.
Without a clear set of enumerated standards, guidelines, and best practices in place, much of what we did as the Secret Service to ensure the safety of our protectees would not have been enough. Threats would be overlooked, plans would be lacking key details, and our collective response in the worst-case scenario would expose gaps and vulnerabilities. While our desire as individuals and teams is generally to eschew burdensome regulations and assume the worst won’t happen to us, the reality of the matter demonstrates the opposite is true. If we are ill-prepared, the best outcome is less likely to occur.
My experiences as a Secret Service agent present a striking overlap with the world of cybersecurity.
The initial and most pressing charge as a cybersecurity service provider is, well, to provide cybersecurity. What does this mean? We take every measure to ensure the absolute security of our clients’ and partners’ critical, most sensitive data with industry-leading technology and teams of certified, experienced engineers and analysts actively monitoring and responding to threats in real-time. For our partners to excel in their jobs and fulfill their organizational missions, they must be confident in our capacity to eliminate malicious threats while complying with industry requirements and best practices.
In numerous cases, our partners require very specific data protection and support criteria established by any number of laws or regulations. While these rules often add cost and time to building robust cybersecurity, it becomes a tragedy when someone you expect to adhere to the rules and best practices does not, and it negatively impacts you. There is an expectation that, when everyone is aware of, agrees to, and is trained on a common set of rules and principles, they will be followed. If this expectation were broken by the Secret Service, it could get someone killed; in cybersecurity, it could cost someone their job or result in the closing of a business.
As cyberattacks continue to increase across all industries—from ransomware to data theft to data wiping—governments and industries are pushing to enhance minimal standards regarding the protection of sensitive consumer data. Both the healthcare and financial sectors have had numerous compliance requirements in place for decades (including HIPAA, HITECH, and FINRA) to ensure certain types of data are secure in how they are stored and transmitted, and who has access. It’s likely that without these regulations, ethical and effective companies would engage the same minimum standards.
For instance, our ShadowSpear Platform, an integrable security solution powered by our 24/7/365 Security Operations Center staffed by experienced engineers and analysts, is at the core of maintaining a mature cyber defense regardless of industry or regulatory compliance requirements. We combine this solution with our cyber risk assessments, training, and rapid incident response services to create a robust, industry-leading united threat management system that checks all the boxes.
In essence, it seems these regulations are simply the codification of best practices to give consumers peace of mind and recourse in the event of an incident caused by a lack of adherence.
Regulations are continuing to make their way across new vertical industries, with the latest being the aptly named “Safeguards Rule,” which incidentally goes into effect today (December 9, 2022). Established by the Federal Trade Commission under the Gramm-Leach-Bliley Act, it requires any company that extends a financial product, including loans, insurance, or investment advice, to maintain minimum security standards for defending sensitive consumer data. During the first half of 2022, over 50 million individuals in the U.S. had personal data compromised or leaked by threat actors, demonstrating the continued need for strong protections.
Cybersecurity providers, much like Secret Service agents, must earn the trust, develop the experience, and maintain focus on fulfilling the mission of those we are called to serve. These attributes are also the foundation of industry regulations and bolster consumer confidence in terms of the safety and defensive strengths surrounding their critical, personal data. For these reasons, we’ve built a cybersecurity solution our partners of any industry can trust.