Advancing Cyber Risk Management Efforts for Government

According to Deloitte Center for Government Insight, there were more than 163 ransomware attacks that targeted local and county governments, which resulted in nearly $1.8 million being paid to cybercriminals, and tens of millions of dollars lost in recovery costs. And with attacks on the rise, federal agencies need to dedicate more resources to cyber risk management.

These were the key topics of discussion in a recent Government Technology Insider podcast interview with Craig Mueller, VP U.S. Public Sector at FireEye, who provided a deep-dive perspective into the challenges and opportunities that public sector leaders face today when it comes to cyber risk management.

“We have seen a shift in the last few years where risk was previously associated with being compliant, and risk now encompasses operational cybersecurity,” said Mueller. “While you are never going to completely mitigate the risk of cyber attacks or a data breach, government leaders want to be assured that they are investing in assets and resources as effectively as possible to minimize their enterprise risk.”

In addition, since the public sector encompasses a wide range of agencies with different mission needs, being able to manage risk can be different and requires the right resources for their needs.

“While there are different risk needs across government, there are two strategies; either risk is managed internally, like what we see with the Department of Defense,” said Mueller, or externally, like in the state and local arena, where you see organizations outsourcing significant parts of the cyber efforts to service providers, which shifts some of that risk over to these providers.”

In addition, the COVID-19 pandemic has shone a light on the need for effective cyber strategies. “The present situation opens agencies up to a variety of risks that many people did not have to think about prior to March,” added Mueller. “The remote work environment has increased operational complexities, and now’s the right time to choose a go-to security partner to help them in the ‘new normal.’ And, a quick and effective solution to help mitigate risk is to put an incident response retainer in place, which will ensure you’ve got experts on standby, ready to respond when needed.”