Every 11 seconds a ransomware attack occurs somewhere in the world, according to research from Cybersecurity Ventures magazine. Staying ahead of cyberattacks requires agencies to monitor and understand current trends that are perpetually evolving as threats evolve. Government Technology Insider recently talked with SHI International Field Solutions Engineer, Jeff Franckhauser, to discuss current trends, especially those that have risen with the push for Zero Trust infrastructures and the ongoing war in Ukraine. Franckhauser also shared some insight into what agencies are doing and can do to combat the ever-increasing number and sources cyber threats. Keep reading for Franckhauser’s expert thoughts on cybersecurity trends in 2H 2022.
Government Technology Insider (GTI): What trends are you currently seeing in the cybersecurity space?
Jeff Franckhauser (JF): Federal, state, and local governments, including K-12 and higher education, are understandably focusing on Zero Trust frameworks at all levels of their computer, storage, and communication network infrastructure.
GTI: What’s a Zero Trust Framework?
JF: A Zero Trust framework essentially means that no one and no system should be granted access to the network or IT systems inside or outside an organization, unless they are being continuously authenticated and monitored.
This Zero Trust policy was driven by the Biden administration under the May 2021 Executive Order (EO) on Improving the Nation’s Cybersecurity as a result of the persistent threat of malicious actors carrying out cyberattacks. This EO is designed to support control for ransomware, DDoS attacks, virus and malware propagating across global networks and web applications, as well as protecting software code in and out of the cloud, and many other security flaws and issues facing government and institutions today.
GTI: What does Zero Trust look like in action?
JF: Zero Trust is designed to address three security concepts visibility, analytics, and automation, with an eye toward identifying the end-user, sanitizing data, improving workload authorized access, and monitoring devices and encrypted data. In meeting these requirements, many agencies and educational institutions will need a comprehensive approach to security and security policy, meaning the sum of the parts must equal the whole and that secure technology and policy must support and protect the agency or institution at all levels, both public and private.
CISOs and security professionals whose organizations are required to adopt this framework must first take a solid look at their current security foundation. For a full picture of their security foundation, they need to take a step back and perform an internal security posture review, an analytical and practice deep dive. This security analysis allows professionals a broad overview of the current state of their cybersecurity technology hardware, software, policies, and procedures that define their either secure or unsecure platforms. With this evaluation, security professionals can look across their networks or operational federated networks and see what technology they have in place. Moreover, it enables them to understand what may need to be improved, updated, or replaced, and helps them answer the question of whether the new or advanced technology meets the standards for data reporting, governance, and compliance.
Jeff Franckhauser dives into more trends and explains how the war in Ukraine is impacting cyber security in part two of our interview. Click to read Franckhauser’s thoughts here.