Monitoring deep, dark and surface web to detect exposure of your sensitive data, secret projects and initiatives, privileged users, critical systems, IT infrastructure, and more.
Monitoring and alerting of third party data breaches impacting your employees’ emails, usernames, and personally identifiable information.
Assess the risk footprint and security posture of key business relationships to get a handle on external risk introduced through your extended attack surface.

Sign Up for Updates

Digital risk monitoring of key personnel with telemetry and risk metrics. VIPRecon provides broad coverage of social media, deep and dark web, as well as physical threat assessments.
Our Ransomware Response Readiness Assessment, Playbook and Table Top Exercise gives your organization the best chance to survive and recover.
Gain visibility of your digital footprint by reaching into the most active areas of the cyber underground.
Fully managed and tailored Threat Intelligence services that becomes an extension of your current security processes and provides real-time visibility on new threats.
Providing research and investigations into known threats, to save security teams time and stress during a cyber emergency.

Sign Up for Updates

GroupSense offers a comprehensive package of services for assessing and responding to ransomware attacks, including negotiations with threat actors.
Actively researching and monitoring threats from vendors or third-party companies that can affect organizational security.
Monitoring for threats to elections, VIPs, and more on social media to proactively prevent or mitigate digital risk.
Focusing on the threats and risks that matter to your security processes and providing intelligence and insights to prevent or mitigate digital risk.
Taking the next step in security services, by proactively taking down phishing sites or anonymously interacting with threat actors to provide better intelligence.
Active monitoring of your brand's digital assets to protect its reputation and stop further brand abuse from targeting unsuspecting victims.

Sign Up for Updates

Combining your cyber and fraud programs to effectively fight threat actors continually scamming or threatening assets within an organization.
Executives are prime targets for fraudulent activities, but with a proactive approach, any attacks or threats can be neutralized before causing any damage.
Governments, political parties and candidates must all act now to activate cyber threat intelligence services to harden their information security and get ahead of inevitable cyber threats to the election process.
3 min read

New National Cybersecurity Strategy Forgets Small Businesses

Mar 14, 2023 9:00:00 AM

At first glance, Biden’s recently released National Cybersecurity Strategy appears comprehensive and forward-thinking. It focuses on a number of areas such as strengthening the Cybersecurity and Infrastructure Security Agency (CISA), developing new technologies to detect threats, and increasing international cooperation to fight transnational cybercrime. However, the strategic initiatives laid out in the document are not funded, and in many cases, are not possible without fundamental changes to organizations and their systems. In this blog, we will focus on strategic initiatives 1.4, 2.2, 2.3, and 3.3.

Objective 1.4: Update Federal Response Plans and Processes

GroupSense fundamentally disagrees with the premise of objective 1.4: “The private sector is capable of mitigating most cyber incidents without direct federal assistance.” Our first thought is whom are they talking about? The majority of the private sector includes small and medium businesses that don’t have the monetary or human resources to defend against or respond to attacks. Once again, the backbone of the American economy is forgotten. 

Objective 2.2: Enhance Public-Private Operational Collaboration to Disrupt Adversaries

This objective aims to disrupt threat actors with increased information sharing and organizing efforts through established security nonprofits, but it lacks any action plan. There are no funds, resources, or specific plans that would increase collaboration and data sharing, which is already an extreme challenge for the federal government before throwing in private sector organizations. Without more detailed plans, this objective will fall flat.

Objective 2.3: Increase the Speed and Scale of Intelligence Sharing and Victim Notifications

This objective plans to increase intelligence sharing from the federal government to private sector cybersecurity companies and potential cyber crime victims. While the objective does have a specific direction for establishing sector-based priorities and processes, it doesn’t address the that the proposed information-sharing is one-directional. Furthermore, it doesn't acknowledge the confusion and disorganization of victim notifications. In our work, GroupSense sees firsthand that victims don’t know whom to report cyber attacks to when they happen. Between CISA, the FBI, and local law enforcement, victims rarely know the correct reporting protocol. Why not fix this issue with a clear reporting protocol that will be widely distributed to the public?

Objective 3.3: Shift Liability for Insecure Software Products and Services

While GroupSense believes in the premise of this objective to shift the liability away from victims of insecure software and place it on the organizations developing the software, this seems like the pot calling the kettle black. GroupSense and the public have observed time and again the issues that vulnerable, brittle cyber systems created by the government fail us. Just in the past few weeks, GroupSense observed a breach of the US Federal Marshal system among other federal breaches. The government should take its advice here and start addressing the glaring cybersecurity issues on the inside before enforcing this on the outside.

GroupSense believes that Biden’s Cybersecurity Strategy is a step in the right direction, but it needs to go further. We believe that more emphasis should be placed on providing resources and support for small and medium businesses so they can take the necessary steps to protect themselves from cyber threats. This includes increased funding for CISA’s Cybersecurity Small Business program, which provides grants and technical assistance to these organizations; more educational resources on cybersecurity best practices; and better public-private partnerships to facilitate information sharing and collaboration. 

We also believe that the strategy should shift focus away from offensive strategies and towards defensive ones, as these are more likely to have a direct impact on businesses’ cybersecurity posture. This could include investing in cybersecurity training for employees, implementing Cybersecurity best practices, and leveraging advanced cybersecurity technologies such as AI and machine learning. 

Ultimately, the cybersecurity landscape is constantly evolving, and it’s important for businesses – especially smaller ones – to stay ahead of the curve. Biden's cybersecurity strategy could be an important step towards achieving this, but only if it takes into account the needs of small and medium businesses. GroupSense is committed to helping companies protect themselves against cybersecurity threats, and we look forward to seeing how Biden's cybersecurity strategy evolves to meet their needs.

Written by Editorial Team