Senior U.S. defense leaders offered a blunt message at last week’s Billington CyberSecurity Summit in Washington: no matter how high-tech your security is, it’s only as good as your basic cyber hygiene that surrounds it.
Venice Goodwine, chief information officer for the Department of the Air Force, explained at the Billington event on Sept. 4 that “without a solid foundation in place,” even the most advanced and complex cyber solutions could fail.
“You never leave your house without brushing your teeth in the morning. It’s the same thing with our networks. We have basic hygiene practices we must follow to ensure our networks are secure,” Goodwine said. “Properly maintaining and implementing basic cyber practices is crucial for ensuring the effectiveness of more sophisticated security measures.”
She highlighted that those fundamental tactics – such as robust password protection –
are essential components of foundational cyber hygiene.
“These basic measures might seem simplistic, but they play a crucial role in fortifying networks against cyber threats,” Goodwine said.
Kristina Walker, director of the National Security Agency’s Cybersecurity Collaboration Center, echoed Goodwine’s comments by explaining that cyber adversaries will always target the weakest link.
Implementing and consistently applying basic hygiene practices – such as multifactor authentication (MFA), strong passwords, regular data backups, and avoiding password sharing – provides a crucial layer of protection for agencies.
“Cyber actors tend to go after the weakest link. So things like MFA stump the majority of attacks if we just implement them. Basic cybersecurity hygiene is important to deter those type of attacks.” Walker said.
Goodwine also underscored the importance of partnering with industry to enhance cybersecurity efforts.
Walker similarly pointed out that collaboration is vital not only for protecting small businesses, which often lack extensive security resources, but also for providing the necessary technical support and expertise.
“By working together, we can better equip smaller organizations with the tools and knowledge needed to bolster their defenses and navigate the evolving cyber threat landscape,” she said.