If you work in the government sphere, you know just how much technology has evolved over the past decade. These changes have improved a number of processes, but they’ve also come at a cost, namely in cybersecurity.
This month’s DorobekINSIDER Live — “The New Era of Gov Cyber Spending” — featured a discussion among Allen Shinkle, Chief Information Security Officer at the Treasury Inspector General for Tax Administration; David Perodin, Solutions Consultant at ServiceNow, and GovLoop senior editor’s Hannah Moss, the author of a recent guide called “How to Play Your Role in Cybersecurity.”
Each of the experts warned against agencies implementing new technology too quickly or haphazardly. The reality is that introducing new software or IT systems opens new vulnerabilities.
“These shiny new objects are built to work, not necessarily built to be secure,” Shinkle said. “We try to do as much under the covers as we can so that when we give an end user a new ability or a new thing, they’ve already been locked down” or properly secured.
Additionally, ease of access to information in the 21st century has exacerbated the problem. People have a tendency to take cybersecurity for granted, without fully recognizing the risks involved.
“Our culture has been conditioned to have access, to gain access to information in seconds with no regard to security,” Perodin said. “As a result, we have been victims to various types of attacks. What I’m actually seeing is this neglect of security at a very early stage, that has now transformed into a situation where we’re constantly trying to react.”
Perodin added that “we should get out of this defensive posture and be a little more offensive” in terms of cybersecurity.
He explained that his team at ServiceNow has been brought into several conversations where organizations just didn’t have the staff required to properly secure their systems. But people are crucial to the equation. In the end, they may be the most important part.
As agencies modernize legacy IT systems, it’s crucial that they incorporate cybersecurity into their plans up front, rather than trying to address it later.
“You shouldn’t be updating any system, buying any new system, replacing any system, without first and foremost thinking about the risk it will pose to your agency, and how you can overcome that,” Moss said. “The truth is that IT can only do so much. You can make the most sophisticated program, but if the people who are supposed to be using it aren’t using it correctly, then the system isn’t going to work.”