By now, everyone knows that cybersecurity is a top issue among government agencies. Every day there are new threats. Complicating matters, cyber criminals are getting smarter and are employing more sophisticated tactics when it comes to breaching security measures.
In fiscal year 2015, the federal government was hit with a 10 percent increase in cyber incidents, receiving more than 77,000 cases of data theft and other breaches. Unfortunately, this trend is only going to continue. Traditional security solutions and ways of thinking are simply insufficient in dealing with this evolving cyberthreat landscape.
In order to understand how to better combat the growing cybersecurity threats, GovLoop sat down with Karen Terrell, Vice President of Federal, SAS Institute Inc.
For Terrell, the biggest cyberthreat is network visibility. “Agencies need accurate visibility into the normal and abnormal network behavior so they can respond to and detect suspicious activities very quickly,” she said. “The security teams in most commercial organizations, but certainly the federal government, are pretty well buried, investigating and responding to a sea of alerts, generated by their existing security technologies and security products. You could have as many as 60 different security products in place, and security teams really can’t keep up with the number of alerts that are generated. Security analytics can help provide the network visibility by looking across network traffic data.”
One of the reasons the visibility issue is so critical is that the federal government is the largest producer of information in the world, creating roughly one petabyte of data every two years. So it is no surprise that government entities are a prime target for hackers. “Agencies are now recognizing the importance of security analytics in helping to protect their most valuable data assets,” Terrell said. This shift away from the traditional rules- and signature-based security solutions – which only identify “known” bad activities – provides the government a more comprehensive security posture.
But who will serve as the proverbial cyber bouncer, able to detect and eliminate the bad actors before they can cause harm? “In 2012, attackers were present on a network for as many as 416 days before they were discovered,” Terrell said. “In 2015, we reduced that time, but there are still attackers sitting on networks doing reconnaissance activity an average of about 146 days. So it’s reduced, but it’s still a long time that we’re unable to detect that they’re sitting there, and all the while those bad actors are trying to find different ways to breach and infiltrate and do damage.”
Research by GovLoop and SAS indicated an alarming shortage of analytics talent in the federal government. This shortage extends to cybersecurity, where there is already a critical shortage of professionals, let alone those with analytics backgrounds. In fact, Terrell noted, “96 percent of government employees identified a data skills gap within their agency. That’s 96 percent of the people working in the federal government who are concerned about their own skills in thwarting not just cyber activity, but other kinds of bad actors.” Across the federal government, agencies are falling short in finding the right talent.
Fortunately, technology has driven a democratization of cyber analytics, applying the power of big data analytics to provide security teams with visibility into suspicious network behavior while offering non-technical decision-makers an understanding of the agency’s overall security posture. That’s a positive development, but it doesn’t eliminate the need for skilled professionals who can address the “traditional data science challenges” associated with cybersecurity, such as data management. It remains essential that federal agencies invest in a strong analytics and cybersecurity workforce.
To learn more, download the GovLoop and SAS report, Government Workforce in Focus: Closing the Data and Analytics Skills Gap.