Leading by example: the federal CISO and cybersecurity collaboration
- By Bill Annibell
- May 09, 2016
In 2015, there were 781 known data breaches in the United States, according to the Identity Theft Resource Center, exposing a staggering 169 million records. Records described as government/military accounted for 20.2 percent of those that were exposed via data breach, while healthcare accounted for 66.7 percent of compromised records. And given that many organizations do not report data breaches for fear of damaging their reputations, we know the true numbers are significantly higher.
As defined by ITRC, data breaches involve "an individual name plus a Social Security number, driver's license number, medical record or financial record." When a citizen-serving organization allows such information to be exposed, that creates varying levels of distrust -- and a clear need for a more collaborative and cohesive cybersecurity strategy.
Perhaps not so coincidentally, President Barack Obama announced in February that his administration would implement a Cybersecurity National Action Plan "that takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take a better control of their digital security." To lead the efforts directly, the announcement includes the creation of the Nation's first Chief Information Security Officer responsible for overseeing and coordinating the modernization of government IT and transforming how the government manages cybersecurity.
The new federal CISO will have their work cut out for them. We, as a nation, seem to be fighting a losing battle. Yet, with every challenge comes opportunity to disrupt the status quo. As the new CISO enters the volatile cybersecurity landscape, there are multiple areas in which he or she can have an impact through industry collaborations offering new technologies and innovations.
First, regardless of how many moats, walls and fences are built (in the form of firewalls, intrusion detection/prevention, security information and event management, and antivirus/antimalware systems), data is being exfiltrated by nefarious actors at an exponential rate. The information may be extracted for months before an organization even becomes aware that there is a breach.
The signature-based nature of many of these detection technologies relies on knowing that exploits exist in order to protect against them. New exploits are not accounted for until after the fact, which is why we continue to see announcements of significant data breaches. It is time to look at new technologies that utilize anomaly detection in the form of advanced algorithms and leverage artificial intelligence technologies to "sense" nefarious activity as they occur in real time, thus discovering the data exfiltrations as they begin as opposed to months later.
Second, there is a data security problem. According to Forrester's August 2015 report, Detecting Cyberthreats With Fraud-Based Advanced Analytics Technology, the CISO's number one priority is securing an organization's data. The digital age has ushered in an era of data creation and aggregation that requires massive amounts of data to be stored for large -- if not infinite -- amounts of time. Yet organizations have struggled with the basic blocking and tackling of data management, which makes securing data with any confidence nearly impossible.
As data within an organization proliferates at exponential rates it is imperative that a set of data management policies are employed to govern the organizations most critical data. Only then can the IT and security teams implement the proper access controls, data encryption and various other security controls to appropriately secure the data we seek to protect.
As citizens' trust in the private sector grows and cybersecurity offerings are expanded, it is to the new CISO's advantage to embrace these opportunities with openness and transparency. With keen collaboration across government and industries who are embracing and accelerating new technologies to detect breaches earlier and a better framework for securing data will help ensure a secure future with citizen information that is no longer reactive but proactive. Leading by example, the CISO has the opportunity to disrupt the silos of cybersecurity across sectors and to shift the culture towards a holistic and unified approach.
Bill Annibell is the Chief Technology Officer for Sapient Government Services.