How Government Agencies Can Use Existing Resources to Increase Situational AwarenessPOSTED BY LIZ BUSH
According to a survey conducted by IDC, the digital transformation of U.S. federal agencies is putting citizen data and national secrets at risk. While digital transformation enables agencies to do more for constituents with fewer tax dollars, it has profound impacts on IT and data security. Based on the responses of 100 federal IT leaders, 60% have been breached – 35% in the past year alone. While network security continues to be a core focus with 36% of respondents, they are now putting a nearly equal amount of emphasis on data security and application security. This requires a multi-layered approach to security, which creates a new set of challenges.
The Office of Management and Budget (OMB) separately reported that of the 96 federal agencies it assessed, 74 percent are either at risk or high risk and need critical and immediate improvements. The risk assessments show that the lack of threat information results in ineffective allocations of agencies’ limited cyber resources. The report cites four core actions necessary to address these risks with “increasing cybersecurity threats awareness” at the top of the list.
Government agency computer systems are a treasure trove for threat actors given the vast amount of sensitive information they contain and critical infrastructure they run. But clearly agencies face significant challenges in protecting these high-value assets and systems. Some of the most daunting include: a lack of internal resources – people, technology and funding; legacy IT systems that are difficult to patch and protect and often are no longer supported; and transitions to the cloud, mobile and IoT devices that expand the attack surface but are necessary to increase government services and constituent responsiveness. With the recent discovery of malware within the computer network at the U.S. Geological Survey, we can add insider activity to the list of challenges.
Government IT and security teams are doing their best to establish situational awareness by combining raw threat feeds with existing SIEM and log management tools, as well as layering new products and technologies to protect the growing number of attack vectors introduced by digital transformation. However, this approach fails to achieve situational awareness. These disparate technologies, each with their own intelligence and working within their own silo, generate a massive amount of data and ultimately drive up alert fatigue for an already overwhelmed staff.
A robust threat intelligence platform can act as the glue to enable a multi-layered defense strategy. It fully integrates with and consolidates all sources of external and internal threat intelligence and vulnerability data and enriches it with context, allowing government security teams to prioritize for relevance and focus. Teams gain the real-time insight necessary to accelerate detection, collaborate on response, accelerate recovery and achieve a rapid response — even as they engage in digital transformation.
Download ThreatQ for Government to learn about the unique challenges facing government agencies and how a threat intelligence platform can help them do more with less.