The public sector faces an incredible number of cybersecurity threats, and given that the government houses some of our most sensitive data, the number of attacks will continue to grow. What’s worse than the number of attacks is that, statistically, about one in three targeted attacks results in a security breach. As these breaches continue to grow more dangerous, it’s critical to identify and recruit the right personnel to ensure a stronger security posture.
Meeting that need head-on, the Office of Personnel Management (OPM) has put out a call for data in order to identify the most vital cybersecurity needs across federal agencies. Beginning in 2019, federal agencies will be required to submit reports annually through 2022. The OPM is asking agencies to:
1. Identify critically needed cybersecurity roles
2. Determine the root causes of cyber workforce shortages
3. Develop an action plan to combat those root causes
While this is a great step toward stronger agency security, what can federal IT pros do today to help combat increasing threats? Let’s start by examining where agencies feel the most vulnerable, then explore ways to help minimize these weak spots.
Enhancing the Technical Team
According to a recent report by Accenture, most government executives are confident their cybersecurity strategies are successfully protecting information and privacy. Yet these same executives are far less confident that they are successfully monitoring, identifying, and measuring breaches. In fact, most feel their current efforts to monitor, identify, and react to cybersecurity breaches are insufficient, and more than half specifically mention cyberthreat analytics as a key cybersecurity gap.
Agencies should take this as a clear message to shore up both the Security Operations Center (SOC) and agency leadership.
Let’s start in the SOC. Assume an agency already has a solid network and application monitoring platform—one that provides a unified view of all the information throughout the infrastructure. This is the most critical first step.
The platform by itself isn’t enough. Far too many people think software will do all the work—not true. Remember, this is your first line of defense against a breach of any sort. Understand your inventory (software, hardware, tools, people); understand the data that’s being stored in and passing through these systems; and shore up the team tasked with monitoring, analyzing, and acting on the data being provided. Adding more highly skilled staff or upskilling your current team should be your first priority.
It is imperative to have both a security management platform that can detect anomalies or abnormalities and the personnel to analyze and understand the implications of the information being provided.
The second half of the equation for a stronger cybersecurity posture is strong cybersecurity leadership.
The old adage that the tone of any organization comes from the top is absolutely true in the world of cybersecurity. Sound leadership should espouse good cyber hygiene and help to create a culture of cybersecurity awareness and diligence. Cybersecurity leaders should emphasize accountability, and build and support a strategy to make that possible.
There are two distinct places where your agency can enhance its hiring and personnel support: the highly technical end, where experts can identify and act on anomalies before they become threats, and the managerial end, where leaders can encourage and enable a culture of awareness, diligence, and accountability.