The cybersecurity staffing challenge continues. Government IT operations and security decision-makers cite “an insufficient number of IT staff” as the top barrier to hardening their cybersecurity posture.
Furthermore, the 2022 (ISC)2 Cybersecurity Workforce Study found a staggering 3.4 million positions left unfilled worldwide.
Without sufficient personnel, state and local agencies must augment the staff they have with the right tools and procedures. Technology can make it easier to sift through vast amounts of data, flag anomalies in the digital infrastructure, and shorten mean time to detection.
Let’s look at three strategies agencies can deploy when cyber talent is out of reach.
1. Centralize security data streams
With the proliferation of cloud computing and digital services, agencies are exposed to a broader range of cyber risks. Indeed, 66% of respondents to a SolarWinds survey reported that their IT environment is extremely or very complex to manage, and only 5% said they feel extremely confident in their ability to manage and secure these environments.
Part of the problem is tool sprawl. There’s so much data that public-sector IT pros must sift through to understand where cyber risks lie hidden. Let’s say an infrastructure problem occurs, potentially exposing the agency to cyber risk. The IT administrator must step in to determine if it is a cloud issue, on-premises problem, network problem, user problem, or a service provider issue — often using multiple, disparate monitoring tools.
In the face of this complexity and limited cybersecurity resources, agencies need technical support able to mine through data, monitor changes, and reduce mean time to detection.
For example, security information and event management (SIEM) can help by centralizing multiple streams of data and signaling anomalies in the environment. A SIEM gathers logs from applications and systems across the digital ecosystem, including hybrid environments, normalizes them into a common schema, and correlates events across sources to surface threats that are nearly impossible to spot with siloed tools or manual review.
By doing so, teams can quickly identify security vulnerabilities and potential threats to prioritize where their limited resources should be directed to achieve the best security results.
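The value of centralizing log streams is easiest to see with a pattern no single tool reports: an attacker who fails logons against several systems and then gets in. The following is an added example, not code from the original article or from any SolarWinds product. It normalizes three hypothetical log formats (Linux sshd, a VPN concentrator, Windows security events) into one schema and raises an alert only when failures span at least two sources. All hosts, users, addresses and log lines are constructed for the example.

```python
"""Minimal SIEM-style correlation: normalize three log formats, then alert."""
import re
from datetime import datetime, timedelta

# Constructed sample lines from three hypothetical sources (Linux sshd, a VPN
# concentrator, Windows security events). Hosts, users and IPs are invented.
SAMPLE_LOGS = [
    "sshd 2024-03-01T08:00:01Z host=web01 Failed password for jdoe from 203.0.113.7",
    "sshd 2024-03-01T08:00:09Z host=web01 Failed password for jdoe from 203.0.113.7",
    "vpn 2024-03-01T08:01:30Z user=jdoe src=203.0.113.7 result=FAIL",
    "vpn 2024-03-01T08:01:42Z user=jdoe src=203.0.113.7 result=FAIL",
    "winevt 2024-03-01T08:02:15Z host=dc01 EventID=4625 TargetUser=jdoe IpAddress=203.0.113.7",
    "winevt 2024-03-01T08:03:40Z host=dc01 EventID=4624 TargetUser=jdoe IpAddress=203.0.113.7",
    "sshd 2024-03-01T09:15:00Z host=web02 Failed password for asmith from 198.51.100.4",
    "sshd 2024-03-01T09:20:00Z host=web02 Accepted password for asmith from 198.51.100.4",
    "some unparseable line the collector forwarded",
]

# One regex per source; each captures the same named fields so that events
# from different tools can be compared. 4625/4624 are the real Windows event
# IDs for a failed and a successful logon.
PATTERNS = {
    "sshd": re.compile(
        r"^sshd (?P<ts>\S+) host=\S+ (?P<outcome>Failed|Accepted) password "
        r"for (?P<user>\S+) from (?P<ip>\S+)$"),
    "vpn": re.compile(
        r"^vpn (?P<ts>\S+) user=(?P<user>\S+) src=(?P<ip>\S+) result=(?P<outcome>FAIL|OK)$"),
    "winevt": re.compile(
        r"^winevt (?P<ts>\S+) host=\S+ EventID=(?P<outcome>4624|4625) "
        r"TargetUser=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"),
}
FAILURE_TOKENS = {"Failed", "FAIL", "4625"}


def normalize(line):
    """Map a raw line to a common event schema, or None if no parser matches."""
    for source, pattern in PATTERNS.items():
        match = pattern.match(line)
        if match:
            fields = match.groupdict()
            return {
                "ts": datetime.strptime(fields["ts"], "%Y-%m-%dT%H:%M:%SZ"),
                "source": source,
                "user": fields["user"],
                "ip": fields["ip"],
                "success": fields["outcome"] not in FAILURE_TOKENS,
            }
    return None


def correlate(lines, window=timedelta(minutes=10), min_failures=3):
    """Alert when one source IP fails at least min_failures logons across two or
    more log sources within `window` and then succeeds. No single tool sees
    this pattern; only the merged stream does."""
    events = sorted((e for e in map(normalize, lines) if e), key=lambda e: e["ts"])
    alerts = []
    for i, event in enumerate(events):
        if not event["success"]:
            continue
        prior_failures = [
            e for e in events[:i]
            if e["ip"] == event["ip"] and not e["success"]
            and event["ts"] - e["ts"] <= window
        ]
        sources = sorted({e["source"] for e in prior_failures})
        if len(prior_failures) >= min_failures and len(sources) >= 2:
            alerts.append({
                "ip": event["ip"],
                "user": event["user"],
                "failures": len(prior_failures),
                "sources": sources,
                "success_at": event["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS):
        print(alert)
```

Run as-is, the script flags 203.0.113.7: five failures across sshd, the VPN and the domain controller, followed by a successful Windows logon. The single sshd failure from 198.51.100.4 stays below the threshold, and the unparseable line is dropped rather than crashing the pipeline, which is the behaviour you want from a collector fed by many sources. In a real SIEM the same idea is expressed as a correlation rule; the normalization step is what makes the rule writable at all.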
2. Monitor network traffic for performance — and nefarious activity
Today’s public-sector networks are in a state of flux. Legacy networks were reasonably flat and static; IT knew where switches and personnel were located and could monitor and control traffic flow. But enterprise architectures have evolved into complex environments with far more connected devices, applications, and users than a small team can track by hand.
Flow-based technology (NetFlow, sFlow, IPFIX and similar exports) can help by summarizing who talked to whom, over which ports and protocols, and how much data moved, making it easier to quickly identify congestion points and volume. In addition to performance benefits, this approach can be particularly helpful in detecting anomalies such as rogue devices and “shadow IT”: a host that appears in flow records but not in the asset inventory, or an internal system sending large volumes to an unapproved external service. Flow records carry no payload, so this is metadata analysis, but it covers the whole network cheaply. With dashboard views into network traffic data (including Wi-Fi traffic), teams can quickly understand how the network is being used, by whom, and for what purpose, nefarious or otherwise.
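The three checks just mentioned (devices missing from inventory, traffic to unapproved external destinations, and top talkers) are straightforward to run over flow records. Below is an added example, not code from the original article or from any flow-analysis product. It uses a small set of constructed NetFlow/IPFIX-style records; the internal range, asset inventory and sanctioned SaaS block are hypothetical stand-ins for an agency’s own CMDB export and allow-list.

```python
"""Flow-record triage: rogue hosts, unsanctioned external traffic, top talkers."""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dst_port: int
    proto: str
    bytes: int


# Constructed NetFlow/IPFIX-style records; all addresses and volumes are invented.
FLOWS = [
    Flow("10.20.1.15", "10.20.0.5", 445, "tcp", 120_000),
    Flow("10.20.1.15", "192.0.2.10", 443, "tcp", 85_000),
    Flow("10.20.1.22", "192.0.2.10", 443, "tcp", 40_000),
    Flow("10.20.1.22", "198.51.100.77", 443, "tcp", 2_500_000),
    Flow("10.20.1.99", "10.20.0.5", 445, "tcp", 30_000),
    Flow("10.20.1.99", "203.0.113.9", 22, "tcp", 900_000),
    Flow("10.20.0.5", "10.20.1.15", 445, "tcp", 4_000_000),
]

INTERNAL = ip_network("10.20.0.0/16")                   # hypothetical agency range
INVENTORY = {"10.20.1.15", "10.20.1.22", "10.20.0.5"}   # hypothetical CMDB export
SANCTIONED_EXTERNAL = [ip_network("192.0.2.0/24")]      # hypothetical approved SaaS block


def is_internal(ip):
    return ip_address(ip) in INTERNAL


def rogue_devices(flows, inventory=INVENTORY):
    """Internal addresses seen in flow records but absent from the asset inventory."""
    seen = {f.src for f in flows if is_internal(f.src)}
    seen |= {f.dst for f in flows if is_internal(f.dst)}
    return sorted(seen - inventory)


def unsanctioned_external(flows, sanctioned=SANCTIONED_EXTERNAL):
    """Internal -> external flows whose destination lies outside approved ranges,
    the usual first hint of shadow IT or of data leaving by an unexpected path."""
    findings = []
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            if not any(ip_address(f.dst) in net for net in sanctioned):
                findings.append(f)
    return sorted(findings, key=lambda f: f.bytes, reverse=True)


def top_talkers(flows, n=3):
    """Hosts ranked by bytes sent; useful for both congestion and exfiltration triage."""
    totals = Counter()
    for f in flows:
        totals[f.src] += f.bytes
    return totals.most_common(n)


if __name__ == "__main__":
    print("rogue devices:", rogue_devices(FLOWS))
    print("unsanctioned external:", unsanctioned_external(FLOWS))
    print("top talkers:", top_talkers(FLOWS))
```

On the sample data the script reports 10.20.1.99 as a device nobody registered, two internal hosts pushing data to destinations outside the approved block (2.5 MB to 198.51.100.77 over 443 and 900 KB to 203.0.113.9 over SSH), and the file server 10.20.0.5 as the top sender. None of those is proof of compromise; they are the short list a two-person team should look at first, which is exactly what flow data is for when packet capture and staff are both scarce.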
3. Keep a watchful eye on configuration drift
The general hacking community and state-sponsored bad actors are a perpetual menace. However, 58% of public-sector respondents to the same SolarWinds survey still see careless or untrained insiders as the greatest source of IT security threats. For example, if an agency’s IT infrastructure unintentionally deviates from its security baseline, through a misconfiguration or an undocumented change, it can be exposed to cyber risk without anyone noticing.
To mitigate this risk, public-sector IT pros should consider implementing configuration management that continuously compares running configurations against an approved baseline, reports every deviation from policy, and pushes the baseline back out so that standards are enforced rather than merely documented.
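The core of a drift check is a comparison between a stored baseline and what a host is actually running. The following is an added example, not code from the original article or from any configuration-management product; it checks a constructed sshd_config against a hypothetical hardening baseline and produces the directive lines needed to restore it. The directive names are real sshd options, but the baseline values and the running config are invented for the example.

```python
"""Configuration-drift check: compare a running config against a baseline."""

# Hypothetical hardening baseline for sshd, expressed as expected directives.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "MaxAuthTries": "3",
    "LogLevel": "VERBOSE",
    "X11Forwarding": "no",
}

# Constructed running sshd_config text; not taken from any real host.
RUNNING_CONFIG = """\
# sshd_config on a hypothetical bastion
Port 22
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 6
LogLevel VERBOSE
# X11Forwarding no
"""


def parse_config(text):
    """Parse 'Directive value' lines; comments and blanks are ignored. sshd
    directive names are case-insensitive, so keys are lower-cased for comparison."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        settings[key.lower()] = value.strip()
    return settings


def detect_drift(baseline, running_text):
    """Return one finding per baseline directive that is missing or changed.
    A commented-out directive counts as missing: sshd will fall back to its
    compiled-in default, which is the kind of silent drift a careless edit causes."""
    running = parse_config(running_text)
    findings = []
    for key, expected in baseline.items():
        actual = running.get(key.lower())
        if actual is None:
            findings.append({"key": key, "expected": expected, "actual": None, "kind": "missing"})
        elif actual.lower() != expected.lower():
            findings.append({"key": key, "expected": expected, "actual": actual, "kind": "changed"})
    return findings


def remediation(findings):
    """Directive lines that would restore the baseline, ready for a config push."""
    return [f"{f['key']} {f['expected']}" for f in findings]


if __name__ == "__main__":
    drift = detect_drift(BASELINE, RUNNING_CONFIG)
    for f in drift:
        print(f"{f['kind']:8} {f['key']}: expected {f['expected']!r}, got {f['actual']!r}")
    print("\n".join(remediation(drift)))
```

Against the sample config the check finds root login re-enabled, the retry limit doubled, and X11Forwarding silently reverted to its default because someone commented it out. Run on a schedule and wired to a ticketing or alerting channel, a check like this catches the insider mistakes the survey respondents worry about long before an auditor or an attacker does; the remediation lines are what an automated push would apply.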
Overcoming staff shortages requires proactive measures
Even with limited personnel, state and local IT teams can take proactive measures to ensure observability and security across their expanding attack surface. By implementing effective technologies, such as advanced monitoring systems and traffic flow analysis, they can gain valuable insights into their infrastructure’s performance and quickly identify any anomalies or potential threats. Investing in automation also can alleviate the burden on staff, streamlining processes and reducing the risk of human error.
John Wilson joined SolarWinds in 2013 and is currently the director of sales for state, local and education and healthcare at SolarWinds. Under John Wilson’s leadership, SolarWinds’ state, local and education team continues to deliver mission critical solutions to their 9000+ customers. John leads the SolarWinds expanded healthcare business unit to help the healthcare sector streamline its IT operations, manage networks, and help it focus on what matters most: delivering great patient care.