Cloud services are accelerating agility and collaboration and generating cost-efficiencies for government agencies. But as the public sector takes more and more advantage of the cloud, it’s important not to forget the data. In SaaS environments, agencies own the security of that data and need to access it appropriately. When using IaaS or PaaS, government is also responsible for the security of those workloads and the correct configuration of the underlying application and infrastructure components.
2018 marks the 15th year of the National Cybersecurity Awareness Month, a government/industry effort – observed every October – that works to ensure every American has the resources they need to “be safer and more secure online” and educating everyone about the roles they play in helping to safeguard the internet.
Government agencies are moving to the cloud. It’s been a recurring message for a number of years, but in 2018 new statistics from Gartner give us concrete data on cloud spend: local governments spend 20.6% of their IT budget on cloud, while national governments spend 22%.
Cybersecurity skills shortages are nothing new. But new research shows that they are creating recruiting chaos.
No sooner do you have your arms around one cybersecurity vulnerability then another surfaces. This time it’s Meltdown and Spectre, both of which can cause data leak from kernel memory. These vulnerabilities are particularly worrying since they impact practically all computers and involve multiple IT vendors including processor players Intel, AMD, Qualcomm, and ARM.
Getting to know the “enemy with no face” is critical to winning the cyber war. In fact, it’s the tagline from the U.S. Army’s latest cyber warrior recruitment ad. Yet, one of the biggest challenges to doing so is that most organizations have zero visibility into a significant percentage of the endpoints on their network. That’s because they are either not managed (BYOD, guest, and IoT), have disabled or broken agents, or aren’t detected by periodic scans.
As government officials begin investigation of the Equifax breach that exposed the sensitive information of 143 million people, what does the breach mean for agencies themselves? After all, the U.S. government stores far more sensitive data than the private sector, and often stores it on older, more vulnerable systems.
Securing government networks and systems takes a village. Keeping pace with attacks and shortage of security talent has driven security operations to pool data resources and orchestrate actions across vendors, open source projects, and internal development efforts. It’s a community effort. Sharing threat information and codifying procedures to better fend off the enemy with no face. This kind of intel also improves detection efforts and response through collaboration across systems.
Another nameless, faceless adversary (or as the U.S Army calls them “the enemy with no face”) struck again in the last week of June. Hot on the heels of WannaCry attack in May, the Petya ransomware campaign brought widespread disruption to organizations, government agencies, and infrastructure worldwide.
On the heels of their big announcement, McAfee hosted the recent “Security Through Innovation” conference sponsored by DLT, where government and industry executives touted key ideas, changes of mindset that we need to start to win the cybersecurity war. Covering everything from Cloud to private/public partnerships, to CDM and infrastructure, here are the top 3 key takeaways from DLT's Chief Cyber Technologist Don Maclean.