It’s been almost a year since the SolarWinds software supply chain attack against federal agencies first made headlines. And while, in the months since the attack, the federal government has made significant strides to improve cyber defenses with the May 2021 Executive Order on Cybersecurity providing a roadmap, there’s still a lot of work to be done on easing the cybersecurity burden.
With recent warnings from Microsoft security researchers about imminent new supply chain attacks from Russian hacking group Nobelium, federal agencies must find a way to reinforce their security protocols without creating insurmountable burdens for either their in-house cybersecurity teams or for their end users. Agency cybersecurity teams are stretched thin by the sheer number of threats they need to mitigate while trying to retain talent from being recruited to more lucrative private sector jobs. Meanwhile, agency workers are navigating myriad threat vectors, such as phishing and password spraying, as well as old fashioned brute-force attacks, while managing their new hybrid work environments.
In other words, despite the guidance from the cybersecurity executive order, federal agencies are still underprepared for the pressures of today’s threat environment.
While this might seem like a dire situation, there are some simple actions that federal agencies can take to start easing the cybersecurity burden.
Build Your Threat Intelligence to be Prepared
As federal agencies begin to execute on their FY22 budget and strategy, investments in cybersecurity must – and will – remain top of mind. But this year instead of investing only in new equipment to bolster their cyber defenses, it’s time for agencies to also think about investing in professional security services. “When we look at our global backbone, there’s an opportunity to draw a lot of threat intelligence from what it is that we see, just by what happens to transit,” explained Chris Novak, Global Director for the Verizon Threat Research Advisory Center. “The backbone of the internet is essentially the battleground in which most of these cyberattacks take place. It’s almost like all of a sudden it becomes visible as to exactly what it all means and how it all works together. Having that [global] visibility is incredibly valuable.”
Use Managed Services to Better Support Your Cybersecurity Team
“[It’s unrealistic to expect agencies to] have the ability to access the depth and breadth of talents and capabilities that might not otherwise be available in an agency setting … given the competition on the market,” shared Novak, Global Director for the Verizon Threat Research Advisory Center. “There’s a huge shortage of cybersecurity workers in this country right now and federal agencies don’t need to recruit top talent in order to benefit from their knowledge.”
By taking advantage of managed and professional cybersecurity services federal agencies can augment their in-house team, access the latest threat intelligence, and develop a broader understanding of risks and trends so they can stay one step ahead of the hackers. “Focusing on security is not what a lot of agencies’ mission is all about,” shared Novak. “Security is something that is a need-to-have, to ensure that the mission can be done. But generally speaking, it is not the focus of why or what the agency does — save for a few whose mission is, in fact, safety and security,”
Enhance Monitoring and Management of your Network
A robust network security monitoring and management service will have several key features, including being device agnostic. While a professional services organization can certainly recommend a best-in-class setup, a managed security service should be able to work with the organization and its existing cybersecurity investments. “Having the ability to lean on a third party, whose actual focus is on security, both from an [managed services] or [professional services] perspective, allows you to remain more focused on your core objectives, and spend more time, more effort and more resources on what the core mission is,” explained Novak.
By focusing on these three elements of cybersecurity and investing in augmenting both knowledge and staff augmentation federal agencies have a unique opportunity to build a resilient cyber posture to protect and defend data, apps, and the national interest.
Ready to learn more? Click here.