The stats speak for themselves. According to the Ponemon Institute 2018 State of Vulnerability Response report, 52 percent of public sector organizations that were breached were attacked through a vulnerability for which a patch was available. Furthermore, 30 percent of public sector breach victims feared they were vulnerable.
But is it as easy as just identifying and resolving vulnerabilities? Apparently not. The study says 50 percent of public sector organizations have suffered at least one data breach in the last two years, and there’s been a 15 percent increase in cyberattack volume over the last 12 months.
Threats haven’t just increased in volume, but also in intelligence and intensity. So while an agency’s cybersecurity posture needs to be maintained, incident response is equally crucial to protecting an agency’s data and assets.
“Most organizations have a ton of security protection from threats,” said Chris Dilley, Chief Architect – State & Local Government | Higher Education for ServiceNow. “But what happens when something goes wrong?”
With so many threats and worries for modern-day agencies, GovLoop hosted a panel of cybersecurity and IT experts to discuss how agencies can protect data and respond to attacks going forward. Dilley joined Ryan Mulhall, Network Services Bureau Chief for the Iowa Communications Network (ICN), and Leslie Sloan, Advisory Solution Consultant for ServiceNow, on Thursday’s online training, “How Workflow Automation Improves Security Response.”
External threats are frightening, but cyberattackers increasingly try to poach from within – especially as they might need special credentials to access highly sensitive government information. Dilley said that workforce education is crucial for identifying and diagnosing threats and vulnerabilities.
“The lack of money, the lack of resources, the lack of personnel really haunt us,” Mulhall said. “Plus, when you ask what is your biggest security risk, everybody’s going to say, ‘Your users,’ when it comes to phishing incidents.”
In July 2016, Iowa drafted a plan to resolve incidents of cyberattacks. The process was all-encompassing and naturally caused some tension between IT and security-side employees, Mulhall said.
Iowa also lacked the personnel and technology to thoroughly process each response. Usually, Mulhall said, only one person would look at responses in government. On rare occasions, two people would.
For ICN, education makes up 85 percent of their responsibilities, while healthcare represents 10 percent. Much of the workload comes from supporting Netflix streams and Google searches, but it is a tricky balance to offer these services across the state while maintaining security. The state relies on public-private partnerships to provide IT and cybersecurity solutions.
“There’s going to be overlapping and butting heads and different visibility,” Mulhall said.
While most agencies face these challenges, workflow automation can help prepare agencies for the attacks that do land. Workflow automation solutions allow for better, more holistic visibility and communication between security and staff.
With workflow automation, individuals can submit suspicious “phishing” emails and immediately have the email and its links scanned for malicious content. ServiceNow offers workflow automation services geared to security and incident response.
“Security automation is a great way to take the burden off overworked and understaffed security teams,” Sloan said.
Workflow automation also can allow leaders to prioritize their data and assets, thus preparing different levels of responses for different levels of threats.
Mulhall recommended that department heads read the United States Computer Emergency Readiness Team (US-CERT) suggested policies to understand the nature of cyberthreats.
Another benefit of workflow automation in security is that it separates incident response and vulnerability response workloads while leveraging current solutions. From there, agencies can develop a complete playbook that communicates best practices to every arm of the agency, from non-tech employees to security heads.
“Your limited amount of people can be very focused and very immediate in their efforts to remediate the security risk in a timely manner,” Sloan said.
While evaluating new technologies, agencies need to brace for attacks before they ever strike. Education, preparation and communication are the best ways to ensure agencies’ data remains safe, no matter the incoming threats.