Senator Mitt Romney wants to know what the Department of Homeland Security can be doing to better defend the nation against cyberattacks.

The Republican raised the question during a hearing Monday in New York City of the Senate Homeland Security and Governmental Affairs Committee, held at the National September 11 Memorial & Museum in the dramatic Foundation Hall.

“China, Russia, North Korea, Iran, they continue to launch hundreds, thousands of attacks on technical databases, government databases, corporations and so forth. Is there some way we can do a better job of deterring that,” he asked a panel of former leaders of the agency formed in response to the Sept. 11, 2001, attacks.

“How do we up our game in cyber beyond where we are today?” he exclaimed.

“We need a whole of government, a whole of nation approach to this area. We need to recognize it is among the top three risks we face as a nation,” Janet Napolitano, the former Arizona governor who served as Homeland Security secretary under President Barack Obama said. “cybersecurity is an inordinately complicated topic involving technology that changes faster than laws and policy can keep up with, requiring more attention.”

We recently reported that New York Representative John Katko equated individual cyberattacks being faced by U.S. organizations as similar to 9/11 precursors which were missed… These ultimately were clues that lead to a far larger attack which took the lives of three-thousand people and caused billions of dollars of financial damage.

This sentiment has been echoed by others…

“Perhaps it is time for the country to have a 9/11 commission for cyber before we have, for example, massive ransomware attacks simultaneously conducted around the country or where we suffer once again a direct attack on our democracy as we saw in the 2016 election,” Napolitano said, referring to Russian interference.

The most important takeaway from this hearing is the government can lay out the threats and even predict what happens next but seems powerless to address the problem. As mentioned, the government moves too slowly to deal with global hackers who are evolving constantly. New attacks and infection vectors constantly appear and fighting them is like playing whack-a-mole.

We reached out to Senator Romney’s office to see if he could provide us with his thoughts on things businesses can do to stay secure. We will update this article when we hear back.

Until the government does come up with some tangible solutions and ways businesses can protect themselves, they are on their own.

We suggest all organizations do the following to stay secure:

1. Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
2. Go to a phishing simulation vendor and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360; are all great. This is needed to train workers by testing them without their knowledge by sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.
3. We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.