Government agencies need to reconsider the way they deal with cybersecurity. The key to reducing breach rates is automating routine vulnerability response processes and elevating existing staff to focus on more critical work.
Data breaches are getting more sophisticated, agencies’ cybersecurity teams are being held back by manual processes and disconnected systems, according to a global survey of 295 cybersecurity professionals.
In the last two years, 45% of government agencies have experienced a data breach, and the severity of breaches increased by 27% over the last 12 months, according to the survey. Hackers are ramping up their attacks and turning to advanced technologies, such as artificial intelligence (AI) and machine learning (ML). And organizations surveyed who avoided breaches were better at detecting vulnerabilities quickly and patching vulnerabilities in a timely manner.
Below are five key recommendations from ServiceNow that provide organizations with a pragmatic roadmap to reduce the risk of a breach. ServiceNow is a software company that commissioned the Ponemon Institute to conduct this survey.
Take an unbiased inventory of vulnerability response capabilities.
Assess maturity based on the two key capabilities of government agencies that avoided a breach: detecting vulnerabilities and patching them in a timely manner.
Accelerate time-to-benefit by tackling low-hanging fruit first.
Start with basic hygiene items that can be addressed quickly. For instance, if security teams don’t scan for vulnerabilities, they need to make it a top priority to acquire and deploy a vulnerability scanner. If they do scan, they need to make sure they are doing both external and internal scans, including authenticated scans.
Break down data barriers between security and IT.
Create a common view combining vulnerability and IT configuration data—ideally using a single platform.
Define end-to-end vulnerability response process, and repeatable vulnerability response processes increase accuracy—reducing risk and eliminating rework.
Workflow and process automation adds to this by driving significant efficiencies, accelerating patching times and reducing staffing requirements.
Retain talent by focusing on culture and environment.
People want to work in high-performance organizations where success is the norm. Creating this environment is the best way to attract and retain talent. By breaking down internal barriers, creating optimized processes, and automating mundane work, security teams within the public sector can dramatically increase job satisfaction and eliminate frustration.
The time to act is now. Breach rates are already extraordinarily high, and emerging AI-fueled threats are likely to increase the effectiveness of cyberattacks. Amidst a talent shortage, government agencies need to train their existing IT staff.
To explore more results from the study, as well as a pragmatic road map for reducing data breaches, access the report, “The State of Vulnerability Response in Government: Patch Work Demands Attention” here.
Images credit: ServiceNow