This blog post is an excerpt from our recent Industry Perspective, Why Prevention Still Matters: The Cybersecurity Approach You Can’t Abandon. To download the full report, click here.
The recent breach of the Office of Personnel Management data affected 22 million records, but its ramifications are even more far-reaching than that. Media coverage of the event ensured that many more people worldwide are aware of the U.S. government’s cybersecurity shortcomings and those people are demanding a swift response.
It’s in this very public environment that cybersecurity professionals find themselves today, forced to shift their focus from proactively securing the infrastructure to incident detection and response. It’s also in this context that a dangerous precedent is emerging, one that preaches the idea that because security measures aren’t foolproof and cyberattacks will happen, it’s more important to focus on reaction than prevention.
The reality is that skimming over and skimping on prevention will only lead to more breaches. The statistics back this up—federal network cybersecurity incidents were up 15 percent in fiscal year 2014 compared with the previous year, according to the Office of Management and Budget. So what can be done?
“The best defense against cyberthreats to government networks lies in a long-proven source,” said Chris Pogue, Senior Vice President of cyber threat analysis at Nuix and former U.S. Army Signal Corps Warrant Officer.
It ultimately amounts to a two-pronged approach:
- Military-based defense tactics
- Public-private partnerships
To understand the complexity of cybersecurity and then simplify it, one must look at:
- Why cybersecurity’s paradigm is shifting
- Mistakes that IT administrators are making when it comes to prevention, detection and response
- How shortages in the number of skilled workers are affecting the government’s cybersecurity capabilities
- What cybersecurity approaches are worth the government pursuing
- The fact is, cybersecurity is not merely a trend.
It’s crucial that employees both within and outside the IT department understand the evolving threat landscape and ways to secure against it.