Over the past few years, data security breaches have impacted both the public and private sector. Here are some things federal agencies can do in the next year to improve their cybersecurity efforts.
Over the past few years, data security breaches have impacted both the public and private sector. Companies and agencies involved in these breaches include, Experian, The TSA, the NSA, Equifax, Yahoo, anthem, JP Morgan Chase, and several others. When personal and financial data is compromised and ends up in the wrong hands the consequences can be severe.
Those whose information is accessed and distributed suffer financial consequences, loss of privacy, risk of identity theft and potential embarrassment. The businesses and agencies involved also take a Hit. They have the expense of fixing the issue, implementing new security measures, and dealing with any other Fallout. Cyber security problems are costly. They erode public trust, and can have far-reaching consequences.
The fact that on several occasions government agencies have been successfully targeted by hackers should be reason enough for federal agencies increase the role that they play in cybersecurity efforts. When they consider the negative impact that these breaches have across several Industries, it becomes even more clear they must Step Up and take on a bigger role when it comes to this issue. Here are some things federal agencies can do in the next year to improve their cybersecurity efforts.
Find cost Savings in Other Areas of IT And Earmark More Funds to Cyber Security
There’s no question, improving cybersecurity requires a significant financial investment. Just like in the private sector, federal agencies may struggle to find the funding to prioritize it. Consequently, they may need to source those funds by cutting costs and creating more efficiency in other areas of IT.
In the federal government, acquisition is one area where bloat is an issue. By streamlining the purchasing process, making full use of IT resources, and using the information obtained from various audits and reports, agencies may find that they are not as cash strapped as they initially thought they were.
Improve Recruitment Efforts
The career outlook for information security analysts is spectacular. According to the BLS, the field is growing quickly, and the median salary is 95K. There are plenty of talented people entering this field. The challenge the feds face is getting that talent interested in jobs in the public sector.
On one hand, the government is limited in its ability to offer large salaries, or even to negotiate such with any real flexibility. On the other hand, there are perks that the government can offer to attract the best talent. First and foremost is emphasizing the opportunity to serve. Cybersecurity pros working for the government play an extremely important role in keeping military and other data out of the hands of our enemies. In addition to this, recruitment efforts can emphasize the work opportunities that exist within federal agencies. When it comes to federal law enforcement and military data security, there are projects available that potential hires won’t see elsewhere. Agencies can also emphasize educational and other benefits.
Create Useful Knowledgebase
The breach detection gap is the amount of time between a cybersecurity breach occurring and someone discovering it. The larger the gap, the more expensive and extensive the breach. The average cost of a data breach has increased to four million dollars.
One cause of breach detection gap is a lack of familiarity with existing systems. Basically, a breach goes undetected because neither human nor machine monitoring notice anything amiss. Worse, when a breach is discovered, lack of familiarity can make isolating and eradicating the breach a real problem.
This can be addressed with multidisciplinary approach. First, all existing systems must be audited and documented. “Workers must be able to quickly access information that will let them know: 1. Where to look for irregularities. 2. How to deal with them when they are found. Next, when breaches occur they should be documented thoroughly with the results made available to information security officers within and across federal agencies” – claims Jodi Wright, a content manager at Trust My Paper company.
Finally, as new technology is adopted, cybersecurity should be a priority from the start. This means identifying potential weak points, establishing appropriate access control, and employing sufficient monitoring techniques. This information should also be included in each agency’s knowledgebase.
In order to best fight cybersecurity threats, and deal with them when they do occur, agencies must prioritize flexibility. Criminals who seek to steal data, leak information, or disrupt systems are constantly engaging in self education. They learn new technologies, often before they come out, and how to break them. They can even pivot their attacks in midstream. Federal agencies must match, then beat them at their efforts.
Even before they adopt new technologies, agencies should make it their business to learn them and how their vulnerabilities. This way, when they do adopt them, they are prepared to maintain security. In addition to this, in order to provide assistance to private sector businesses, the feds must understand the technologies being employed.
Ultimately, this is a never ending effort. Not only are federal agencies tasked with securing their own information, they often play a role in helping private entities when they are targeted. If they can’t do so effectively, the consequences can be severe.