Staying ahead of the hack: Is government moving fast enough?
- By Chris Triolo
- Apr 08, 2019
It’s no surprise that government agencies remain a top target for cyber attacks, especially given the data agencies house is, by nature, lucrative and useful for cyber criminals. Election-related attacks have taken the top spot in headlines since 2016, but other large-scale attacks have followed. WannaCry crippled public utilities and the U.K.'s National Health Service hospitals in 2017, and a 2018 attack targeted Medicare and Medicaid through the HealthCare.gov website, stealing personal information of 75,000 users. With so much on the line, agencies at every level of our government cannot afford to relax their cybersecurity posture.
While agencies are investing in the technologies and resources needed to prevent threats, the 2018 Government Cybersecurity Report found that they still face challenges. The sector continues to be one of the bottom performers compared to other major U.S. industry sectors. As attacks continue to increase in number and sophistication, government agencies -- which often have limited resources and legacy infrastructure in place -- must work more quickly and efficiently to mitigate threats.
The state of cybersecurity in the government sector
Compared to commercial companies that have made significant investments in technologies to combat cyber threats, government agencies lack the same level of resources and funding to carry out sophisticated monitoring tactics. In fact, the Office of Management and Budget's Federal Cybersecurity Risk Determination Report and Action Plan found that 74 percent of agencies participating in the risk assessment process have cybersecurity programs that are either at risk or at high risk.
This trend is caused by the current approach the industry takes to security, which requires trained IT staff for monitoring and initial analysis. Human-managed security is not only expensive, but it costs security teams time they should be spending on activities that can have a bigger impact on the organization.
Agencies must standardize their IT capabilities to improve their efficiency, accuracy and cost control. By combining the best from both sides of the equation -- human talent and technology -- they can reduce security costs, free up resources and set security teams up for success.
Automating security operations
Government organizations can better safeguard against cyber threats when they have modern security operations centers in place. The old way of building legacy SOCs with security information and event management functions requires more funding and results in a lengthier return on investment due to the time and energy spent on hiring, training and retaining talent to keep the process running smoothly.
With the emergence of technologies that automate security operations, government agencies -- both large and small -- can operate at higher maturity levels without having to spend large amounts of money on legacy systems that are time- and skills- intensive. Instead, agencies should look to security automation to extend decision-making and scale SOC capabilities.
IT teams typically perform all decision-making, threat analysis and remediation themselves. By leveraging automation, staff members will no longer need to perform these time-consuming manual tasks, and teams can increase their security capacity and capability while reducing operating costs. Organizations will begin to see returns in the form of time and resource savings. Plus, with the added scale and capability offered by automation, agencies will no longer need to hire as many analysts to handle high volumes of alerts, meaning they no longer need to invest as much in expensive or complicated security infrastructure.
While this transition may seem like a tall order, security managers should keep the following in mind as they begin to plan and implement their security automation projects:
- Determine priorities: Plans cannot be strategic and ultimately useful unless they map back to specific agency priorities. At the outset, teams should work together to evaluate the effectiveness of current security operations, identify where the discrepancies lie and determine their specific goals. Once the team’s goals are determined, they can develop a strategic plan that will provide details on how specific initiatives will be achieved and add value to the organization.
- Plan resources: Both human talent and technology will be required to ensure an agency's security goals are met. Without the right resources in place, security automation projects cannot be started, let alone fully accomplished. Agencies must evaluate how their existing technology infrastructure can support such a project, and where they might need to make investments to meet security’s data management and analysis requirements. Agencies are often inundated with data points and cannot quickly or accurately make decisions. To overcome this challenge, it is essential that they have a comprehensive understanding of the interactions and technologies involved in their security operations. This can be determined by mapping the expected data inputs and outputs together with an organization’s security processes and goals. At the same time they must also invest in the human talent needed to manage and maintain these systems.
- Start small and scale: While there may be many places to start, agencies should begin the automation process by choosing projects that will provide the quickest return on investment. By starting small, automation projects can be tested, adjusted and validated for results. Teams can then take the insights from these test projects to plan larger implementations and gather buy-in from stakeholders. It’s at this point where teams can take their new knowledge and scale security automation to other parts of the agency, essentially safeguarding an entire organization against potential threats and attacks.
While the benefits of security automation are clear, these projects are no easy task for organizations in any industry. Government agency security teams can increase their efficiency and effectiveness through automation when they take deliberate, well-planned steps to ensure they set specific goals and have the resources in place to be successful.
Together, with the right technology and skills in place, agencies can continue to focus on the important work they do while protecting people and communities from cybersecurity threats.
Chris Triolo is vice president, customer success, with Respond Software.