Top Takeaways from the Cybersecurity Webinar
According to the recent Market Connections survey of federal IT and security professionals, almost half of federal agencies have been affected by recent cybersecurity breaches; two-thirds of those felt some appreciable impact, and one in ten felt the recent breaches were extreme. At first glance, those numbers may seem lower than many of us have been led to believe. Or are the numbers actually worse than the federal workforce is willing to admit (or even have knowledge of)? Conventional wisdom points to facts that are somewhere between these two points, but what may be evident is that while many agencies may have been better prepared than we thought, breaches may have become part of the lexicon in federal IT work. Our question is what role have vendors played in the preparation and response and how can they further support their agency clients?
Market Connections, together with ATARC (Advanced Technology Academic Research Center), surveyed and shared results of over 200 federal IT decision-makers and influencers and brought together a panel of former federal c-level IT executives who provided further insight on data and their opinions on what the breaches really meant for government agencies and the contractors supporting them. Here are the top three takeaways from the panel:
Cybersecurity Breaches Are Going to Happen; You Need to Be Prepared.
Six out of ten respondents felt that the breaches were similar to those they had experienced in the past. Jonathan Alboum, former Chief Information Officer (CIO) at United States Department of Agriculture (USDA), reiterated this in the discussion session, “Really what people are focused on now is how do you respond when there’s a breach…we’ve moved from ‘you can never have a breach’ to ‘you have to be able to respond very quickly and adeptly and have a good awareness about the actions you have to take in order to remediate what’s occurred.’ That’s an important shift in the culture to understanding around cybersecurity.” His comments point to reasons why there was less concern among federal tech workers than the general public may believe. It’s “business as usual” among the federal security officers.
How do you prepare? Dr. John Zangardi, former CIO at Department of Homeland Security (DHS), highlighted three ways to do so: reducing the stack, reducing the workload on cybersecurity professionals, and increasing cyber hygiene. How can vendors support?
With regards to the latest breaches, panelists agreed, a possible reason that respondents are not identifying the impact as extreme is because there are still unknowns about the full ramifications of the breach. Nearly two-thirds (63%) of respondents said they were looking for increased cybersecurity risk reporting measures followed by looking for better predictive and diagnostic tools (62%).
However, according to Chad Sheridan, former CIO at USDA, those tools need to be able to communicate data at both high department levels and among those who address these issues daily. He believes the struggle is in the communication systems to those working on the front lines. When there is an identified vulnerability or breach, not only should the cyber professionals on staff be working on it, but also the general folks who are operating and managing the system every day. He also stated, “if we start to improve how we manage the amount of data and the gaps between what’s reported at the top and what’s actionable at the bottom, then we start to make headway.”
Automation, said Sheridan, can help relieve the workload on cybersecurity professionals while increasing cyber hygiene. Tools with automated notifications, actions, or recommendations to take actions, along with easy system administration can have an immediate impact on the day-to-day cyber hygiene within an agency. It’s as easy as having simple tools and notifications and the awareness and ability to act.
When supporting the government, Dr. Zangardi reminded vendors the most important thing is to build trust. You need to have relationships and transparency. He asks the poignant question, “Will the vendor be standing there with me on the day I have a hard time, helping me resolve this issue? Did the vendor talk about what they experienced on the network and be able to share back and forth some of the dirt?”
Don’t Forget Mission
In addition to building trust with an agency, Alboum reminded vendors that the technology organizations you’re trying to work with are only there because of the programs they support. Products need to connect with the mission need. How does it drive mission outcome? How does your work allow the agency to provide citizen services—benefits to farmers, children’s lunches, or homeland defense? When trying to work with agencies, don’t focus so much on the business development but on how your services will ultimately help further the mission.
Sheridan went further by advising vendors to “make it real” in your description of how your products and services can impact individual people. By automating and reducing the drudgery a cybersecurity professional must do in their day-to-day, they can work on the higher-value activities that can promote the mission. He further says, “Have some data behind what you’re presenting and talk about how to impact the people that serve the mission and ultimately how that equates to mission value.”
Watch the Video:
Want to watch the full video and download the presentation, visit: https://www.marketconnectionsinc.com/webinar-how-are-federal-agencies-responding-to-recent-cyber-attacks/