Today’s technological landscape looks drastically different than it did as recently as three years ago. The remote work scenario that hastily came together during the pandemic is now the norm, with most agencies offering hybrid work options — a cultural perk but a cybersecurity challenge.
“How do you make sure you’re protecting your most coveted resources within your agency?” asked Brandon Shopp, Group Vice President of Product Strategy at SolarWinds, maker of IT management software.
“Cyber is the new battlefield,” he said. “You don’t wait until a conflict starts before you start training your troops or coming up with new weapons.”
Improve Information-Sharing
One way government agencies can strengthen their cybersecurity posture is through information-sharing. Currently, agencies largely work in silos, which needs to change, Shopp said.
“If somebody is seeing a certain type of behavior or a certain type of attack, if they could share this information, then agencies can better prepare themselves so they’re less likely to fall victim to it, and there’s simply not enough of this collaboration going on,” he said.
The fact is threat actors don’t play by the same set of rules federal agencies follow, making it challenging for the government to get and stay ahead. Sharing threat information is like a rising tide able to lift all boats.
Use New Security Models
Another way to shore up defenses is to implement zero-trust policies and the principle of least privilege. The former requires user and device authorization and authentication to access agency networks and data, while the latter lets employees access only what they need to do their jobs.
A combination approach is crucial, said Shopp. There’s no one-size-fits-all solution because no two agencies are the same.
“You can’t devise a single or even a couple of approaches and say, ‘Pick which one works best for your agency,’ because it’s not going to fundamentally solve all the needs,” he said.
Invest in People, Technology
With at least 600,000 cybersecurity jobs unfilled in the federal government, investing in staff is critical. To attract workers, agencies need to offer salaries competitive with those of similar private-sector jobs and other incentives, such as training. For instance, train from within using rotational programs where workers can spend time immersed in different business areas, including cybersecurity.
Tech investments are also key. As agencies adopt cloud and multi-cloud environments, they must use artificial intelligence and machine learning to monitor data for behavior potentially indicating a problem.
“The amount of data is only continuing to grow, and the attack surface is only continuing to grow. We need the appropriate security observability solutions and tools to wade through data and look for patterns,” Shopp said. “To stay at the top of our game and continue in the forefront of cybersecurity, then we’ve got to invest accordingly.”
SolarWinds solutions support agencies’ security transformation by giving them security observability — visibility across all their systems and infrastructure with actionable data designed to help stop problems before they start.
This article appears in our guide, “Agency of the Future: How New Possibilities are Emerging in the Present.” To read more about how agencies are embracing the future today, download the guide.