November 29, 2020
This 3-minute video answers a question we're being asked by smaller defense contractors and subcontractors: "Does CMMC prevent hacking?"
Will CMMC prevent hacking once you’re certified?
Cyber attackers keep finding new attack methods, so there is no 100% guarantee that you will prevent hacking. CMMC compliance improves your cybersecurity posture tremendously. Attackers target organizations with weaker security measures. Therefore, CMMC compliance decreases the risk of attack.
So, what does CMMC really do for your organization?
- Creates cybersecurity measures to prevent, detect, respond and recover from a cyber attack
- Improves protocols for upgrading your systems and applications, and reduces your chance of being hacked.
- CMMC helps you understand which parts of your network, systems and applications handle Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
- It also helps to ensure your subcontractors are as secure as you are. They must also practice the same level of security measures you do.
- Even if you suffer a security incident, if you can prove that you have established and follow good cybersecurity policies, procedures and practices, there will likely be fewer consequences than if you do not have a good cybersecurity program.
- CMMC helps you establish a cybersecurity incident response plan so you know what to do and where to report your security incident within the DOD if you have a breach. DOD has cybersecurity incident reporting requirements. You don’t want to scramble and find out these reporting requirements or processes at the time of the breach.
In conclusion, does CMMC prevent hacking? Well, not quite …
CMMC will improve your overall security posture. It will help you better prepare for cybersecurity events, as well as prevent, detect, respond to and recover from cybersecurity incidents. It will help you prevent cyber attacks, but it won't prevent you from being hacked.
My name is Kyle Lai, President and Chief Information Security Officer at KLC Consulting. If you have any questions about CMMC compliance, CMMC Consulting, security incident response and investigation or data breach investigation, please contact us at CMMC@klcconsulting.net or visit our website at klcconsulting.net. Thank you.
KLC is a C3PAO company that provides NIST 800-171 & CMMC consulting services