10 tips for agencies looking to address cyber threats
- By Tony D'Angelo
- Mar 23, 2018
Cybersecurity is top-of-mind in the federal government, but the reality is federal budget processes and constraints have boxed in many federal agencies, limiting their ability to protect against the latest threats. And when tight budgets limit hiring, strapped teams cannot keep up with new and increasingly complicated attacks.
Cybersecurity changes continue to accelerate, including new, complex technologies to incorporate and new threats to protect against. Historically, federal IT has focused its investments on endpoint solutions protecting the network infrastructure, which includes relatively unsophisticated email gateway solutions for anti-virus and spam.
However, these solutions only address 10 percent of the problem. Studies consistently find that about 90 percent of advanced attacks begin with new forms of email threats that target individuals, not networks. These attacks include business email compromise (BEC), phishing and ransomware, and pose a serious risk of financial loss and loss of intellectual property.
Beyond these email threats, attackers also target social networks and mobile devices. For example, spoofing a real employee on a social media platform can be a pathway to obtaining sensitive data. And many malicious apps also contain malware designed to access this data or steal login information.
Given all these new threat vectors, federal agencies must increase their cyber defense strategies. The following 10 tips are designed to help federal IT teams better prioritize cyber threats, shift their approach to spending and improve cyber defense.
- Know the current landscape. Talk to peers, read federal publications (especially from the FBI) and attend seminars and webinars to learn how to solve challenges and stay ahead of pressing threats.
- Take a TCO approach. Avoid merely looking at the acquisition cost of a cybersecurity solution. Fixing problems will likely cost more than the automated tool in question. Also, consider the lost opportunity cost. For example, an automated solution that quarantines an intrusion allows teams to stay focused on more strategic projects. Cyber vendors and integration partners can provide a broader context for calculating the total cost of ownership for specific solutions.
- Evaluate your specific threat profile. A Department of Defense component may face very different threats than a civilian agency. Some questions to ask: Do we have visibility into where email is coming from? Are BYOD devices used? What is the role of social media in the department, and are there policies for using it? The key to fully understanding your threat profile is having reporting tools that reveal where potential attacks are coming from and your vulnerabilities. If these tools aren't available, consider partnering with a service provider.
- Ask vendors for proofs of concept. This is an excellent way to gain insight into existing threats and vulnerabilities and determine specific costs for improving your cybersecurity profile. Beware of any vendor that shies away from a POC. This is a red flag that the efficacy of that vendor's solutions is poor or lacking by comparison.
- Retire old solutions. As contract cycles end, retire old solutions for new ones. In the past few years, next-generation cybersecurity solutions have emerged offering significantly better protection than their predecessors – and these solutions don't necessarily originate from the same vendors that were the leaders at that time.
- Take a layered security approach. To prioritize spending, focus on the individual, the devices used and the data created across multiple mediums: email, mobile, SaaS applications and social channels.
- Identify the highest priority threats. Explore your specific vulnerabilities and weakest links. Funds tend to materialize immediately after a public breach, but they can also materialize if a vulnerability is believed to be severe enough. While it is not an enviable position to call out existing gaps in cyber protection, the alternative – a possible successful attack – can have a much more devastating and longer lasting effect.
- Apply incremental budget increases. Ensure any incremental budget increases are applied to the highest priority threats.
- Consider outsourcing benefits. Instead of acquiring new hardware, examine the benefits of outsourcing less critical infrastructure. An increasing number of agencies are taking advantage of cloud-based initiatives such as Office 365 and moving towards acquiring cloud-enabled cyber solutions.
- Find the right vendor. It is critically important to pick a vendor that has the right vision, organizational structure, infrastructure and scalability to stay one step ahead of the ever-changing threat landscape. The vendor community shifts, expands and consolidates at once, so investigate the offerings of all the top vendors to see which companies continue to evolve and outpace the emerging threat landscape.
In cybersecurity, complacency is essentially synonymous with inviting in the attackers. Fortunately, even in the face of tight budgets, agencies can increase their knowledge and their cyber defense profile by accessing available resources and working with partners and vendors that are on the frontlines of defense.
Tony D'Angelo is VP of Americas, public sector, at Lookout.