Internet Explorer 11 is not supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

The Cybersecurity Strategies Governments Need

An effective approach requires integrating proactive, agile defenses deeply into organizations.

ransomware
(Shutterstock)
If there were any doubts about the critical need for governments, businesses and individuals to better fortify themselves against cyber threats, Petya should have put them to rest. The attack a few weeks ago using ransomware known by that name wreaked global havoc, infecting computers and networks in more than 65 countries including the United States.

The Petya outbreak followed -- by just a few weeks -- the even more widespread WannaCry ransomware attack. As evidenced by these high-profile events, protecting sensitive data and leveraging the right systems to detect, prevent and remediate security breaches continue to be a challenge for many organizations.

The concern is especially high for government agencies. As guardians of some of our most sensitive citizen and public-employee data, they are attractive targets for cyberattacks. Governmental organizations face dozens of focused, targeted attacks each year, one in three of which result in a successful security breach, according to a recent Accenture survey of security executives.

To bolster protection of our assets, government agencies must adopt modern, proactive, agile strategies that can help them quickly identify and respond to digital security risks. It's not clear, however, to what extent they are currently applying the right resources to confront this challenge.

A recent Accenture report based on a survey of 150 government executives in the United States suggests that most agencies don't have adequate technologies in place. Only 13 percent of respondents believe their existing technology is effective for responding to cybersecurity breaches, and only one-third say they are confident in their ability to monitor, identify and measure these breaches. Almost half of state and local government respondents say that it can take months to identify sophisticated breaches. For the technology needed to fill in the gaps, the respondents most frequently listed end point/network security (58 percent), encryption (56 percent), threat intelligence (54 percent) and cyber-threat analytics (51 percent).

Public-service organizations need to integrate cyber defenses deeply into their organizations by employing a comprehensive end-to-end approach to digital security. As a first step, agencies should conduct a thorough assessment of their cybersecurity capabilities, while "pressure-testing" their defenses to determine whether they can withstand a targeted attack. They also need to identify and minimize their network exposure and focus on protecting priority assets. The following cybersecurity areas should be considered priorities for investment and greater leadership attention:

Governance: Focus on accountability to nurture a cybersecurity-minded culture, measure and report cybersecurity performance, develop attractive cybersecurity incentives for employees, and create a clear-cut cybersecurity chain of command. Leaders need to redefine cybersecurity success as more than simply achieving compliance targets. Getting the right level of visibility and authority is critical to discovering and responding to threats in a timely manner.

Agency exposure: Assess cybersecurity incident scenarios to understand those that could materially affect the organization. Identify key drivers, decision points and barriers to the development of remediation and transformation strategies.

Strategic threat context: Drive the organization to explore specific cybersecurity threats, including an analysis of geopolitical risks, and to identify what cybersecurity-related activities and technologies similar organizations are undertaking and deploying. These steps will ensure that an agency's security program aligns with its overall strategy.

Cyber resilience: Assess the organization's ability to deliver operational excellence in the face of disruptive cyber adversaries, and use "design for resilience" techniques to limit the impact of an attack.

Cyber response readiness: Put in place a robust response plan, provide effective cyber incident escalation paths, and ensure solid stakeholder involvement across all agency functions. Test the ability of team members to cooperate during crisis-management incidents.

Investment efficiency: Develop in-house expertise to drive smart cybersecurity investments and the most effective allocation of funding and resources. Compare organizational investments against benchmarks, organizational objectives and cybersecurity trends. Asset management can be difficult for government organizations, but this is a critical component of any security campaign.

Government agencies should approach cybersecurity with an organizational mindset -- one capable of continually evolving and adapting to changing threats. State-of-the-art cybersecurity will require not only investments in innovation and training but also rock-solid commitment from leaders.

Special Projects
Sponsored Stories
Sponsored
In recent years, local governments have been forced to adapt to a wildly changing world, especially as it pertains to sending bills and collecting payments.
Sponsored
Workplace safety is in the spotlight as government leaders adapt to a prolonged pandemic.
Sponsored
While government employees, students and the general public had to wait in line for hours in the beginning of the pandemic, at-home test kits make it easy to diagnose for the novel coronavirus in less than 30 minutes.
Sponsored
Governments around the nation are working to design the best vaccine policies that keep both their employees and their residents safe. Although the latest data shows a variety of polarizing perspectives, there are clear emerging best practices that leading governments are following to put trust first: creating policies that are flexible and provide a range of options, and being in tune with the needs and sentiments of their employees so that they are able to be dynamic and accommodate the rapidly changing situation.
Sponsored
Service delivery and the individual experience within health and human services (HHS) is often very siloed and fragmented.
Sponsored
In this episode, Marianne Steger explains why health care for Pre-Medicare retirees and active employees just got easier.
Sponsored
Government organizations around the world are experiencing the consequences of plagiarism firsthand. A simple mistake can lead to loss of reputation, loss of trust and even lawsuits. It’s important to avoid plagiarism at all costs, and government organizations are held to a particularly high standard. Fortunately, technological solutions such as iThenticate allow government organizations to avoid instances of text plagiarism in an efficient manner.
Sponsored
Creating meaningful citizen experiences in a post-COVID world requires embracing digital initiatives like secure and ethical data sharing, artificial intelligence and more.
Sponsored
GHD identified four themes critical for municipalities to address to reach net-zero by 2050. Will you be ready?