2024 UC Cyber Risk Program Report

March 13, 2025

The University of California's Cyber-Risk Coordination Center (C3) published its 2024 Annual Report. The report highlights progress in improving cybersecurity across the university. The insights in the report underscore the UC's commitment to staying ahead of emerging threats and continuously improving its cybersecurity posture.

Our very own Allison Henry was named as a finalist for the Bay Area CISO ORBIES Awards! The ORBIE Awards honor CISOs who have demonstrated excellence in technology leadership. Over 500 leaders have received an ORBIE Award since its inception in 1998. Congratulations, Allison!

We've summarized the report sections below, but for a comprehensive understanding of these initiatives and more, the 2024 Annual Report is available here.

Governance and Compliance Integration

This year, governance and compliance came together due to new standards and outside influences. The report highlights the need to align these requirements to solve important issues, especially where compliance meets overall system needs. Van Williams, UC's Vice President of IT and Chief Information Officer, emphasizes the goal of creating a plan to strengthen this overall approach.

Five-Pillar Cyber Risk Management Framework

UC's approach to cybersecurity is structured around five foundational pillars:

  1. Governance: Enhancing structures to coordinate cybersecurity efforts effectively.
  2. Management: Strengthening risk management to ensure consistent efforts across the UC system.
  3. Technology: Adopting modern technologies to stay ahead of evolving threats.
  4. Environment: Fortifying the environment through information sharing to guarantee dependable protection.
  5. Culture: Driving cultural change to ensure every stakeholder actively participates in cybersecurity initiatives.

Collaborative Cybersecurity Initiatives

The report emphasizes the important role of the Information Security Council (ISC), which includes Chief Information Security Officers (CISOs) from all UC locations. The ISC works together to find and solve cybersecurity problems, creating a united and proactive approach to potential threats.

Innovative Approaches and Success Stories

Several innovative approaches have been implemented systemwide:

  • Credential Phishing Mitigation: Efforts to combat credential phishing have been intensified, reducing attack surfaces and enhancing user awareness.

  • Data Disposal Initiatives: Events like Data Disposal Day have been organized to securely dispose of obsolete data storage devices, minimizing potential data breaches.

  • Phishing Awareness Campaigns: Targeted campaigns have led to a 124% increase in reporting phishing attempts, reflecting heightened user vigilance.

Looking Ahead

The 2024 report highlights key industry predictions. It expects spending on cybersecurity resources to increase by over 15%, continuing through 2025, due to the need to secure generative AI. By 2027, half of the location CISOs are expected to adopt practices that focus on human behavior in security to reduce human risk and encourage better adoption of security controls. As we say, cybersecurity is everyone's responsibility!