It’s no longer a question of whether agencies are at risk of a cybersecurity attack. Instead, organizations are focusing on managing and countering the inevitable threats facing their systems and data. But how can they prevent attacks when they’re not sure how or when they will happen?
Taking a risk management, continuous and holistic approach to cybersecurity is one answer. In a recent interview with Paul Parker, Chief Technologist – Federal and National Government at SolarWinds, and Don Maclean, Chief Cybersecurity Technologist for DLT Solutions, we asked what it took to adopt a risk-management approach to cybersecurity. They encouraged government IT professionals to look beyond regulatory guidance to adopt automated continuous monitoring. Together, DLT and SolarWinds provide the tools to do that.
One obstacle facing many agencies is the confusion between compliance and security. The federal government has created a number of mandates and regulations to guide agencies, including the NIST Risk Management Framework. However, as more regulations are developed, IT professionals are becoming overwhelmed with information.
According to SolarWinds’ 2017 Federal Cybersecurity Survey, public servant IT processionals feel the same. Over half of respondents (52 percent) indicated that regulations and mandates posed more of a challenge to managing risk than in the past, and respondents were twice as likely to feel that the Risk Management Framework posed a challenge to managing risk than helping contribute to cybersecurity success.
But more than simply inundating security professionals with information, Maclean and Parker said that these regulations can mislead agencies by conflating compliance with effective risk management. “It’s become a big focus on just checking the box,” Parker said. “It’s not about knowing you are more secure or less secure. It’s about meeting the mandates and deadlines.”
“The Framework was supposed to be a jumping off point, where agencies could understand what was wrong and begin to fix it. But the processes became so exhaustive that compliance became an end in itself,” Maclean added.
Luckily, more government IT professionals are starting to understand the potential disparity between compliance and security. In the same SolarWinds survey, 70 percent of respondents felt that being compliant does not necessarily mean being secure.
Parker and Maclean agreed that agencies must move beyond regulatory standards to invest in automated, continuous monitoring. This is especially critical as agencies encounter more cyberthreats from within their organizations. “Insider threats are always going to be one of the top threats for agencies,” Parker said.
More than half of survey respondents (54 percent) said that careless or untrained insiders represent the greatest security threat to their agency, while 29 percent felt that malicious insiders were also a significant threat.
Continuous monitoring can help prevent and detect both intentional and accidental misuses of agency technologies and information. By monitoring technology use, network traffic, and other IT log data, administrators can better understand the baseline operations of their network as well as identify irregular data that might indicate a threat.
At the same time, administrators can more reliably counter risks that are detected, as automated technologies reduce the potential for human error and system misuse. Plus, automation of manual tasks saves IT staff significant time and labor, allowing them to focus on the higher-risk threats against their networks.
However, automated continuous monitoring requires more than simply placing sensors throughout an agency network. It requires a collection of security tools deployed across an organization, working in concert to collect and synthesize a diverse array of data.
“There’s a lot of exhaustion around the number of products on the network today,” Parker said. “What many agencies are really missing is the most basic network security. That’s where SolarWinds can really help. We can bring in easy to use, affordable IT management solutions that help address many of these gaps.”
With an integrated and mapped technology suite of network monitoring tools, IT staff can quickly analyze data from across the entire organization and react to insider threats in real time. They can reap the benefits of automated network monitoring, without getting lost in individual product details or worrying that systems connected properly.
That also helps agencies report reliably to regulatory bodies on their progress towards cybersecurity compliance. With a confident, risk-based network security strategy, organizations can move beyond simply checking the box on regulations. They can begin to tackle the real insider threats facing government today.