Grappling with today’s complex cyber-threat landscape and supporting larger scale remote users

Chris Cruz, CIO for State, Local and Educational Institutions (SLED) at Tanium

The number of cyberattacks targeting state and local governments in the United States has significantly increased in recent years. At this time, 44% of ransomware attacks worldwide target governments. Municipal governments, K–12 institutions, and other small government organizations frequently succumb to these attacks because they lack the personnel, resources, and know-how necessary to successfully protect themselves.

Some state governments are now implementing a Whole-of-State approach to cybersecurity to help protect municipalities and other local governments against such threats. The state government works with smaller local governmental organizations to make sure that everyone is safe from attacks. This enables them to improve cybersecurity by sharing training, threat intelligence, tools, and other resources. CIO World Asia spoke with Chris Cruz, CIO for State, Local and Educational Institutions (SLED) at Tanium, about the relationship between government and cybersecurity.


Common government/public sector concerns around cybersecurity

By enabling organizations to have a common security posture.

1. Common security governance framework

This means establishing a centralized program to make decisions on a common platform. It involves communication, incident reports and a management plan. The management plan lays out the core objectives and criteria for managing information security in the organization.

Organizations often have a very federated perspective. Their networks are split into two parts, and each part of the organization has a distinct strategy for patching, managing its platform and profile, filing incident reports, investigating security issues, and responding to breaches. A common platform therefore helps ensure that all incidents and responses are managed to a core standard and that a contingency plan is in place. It is increasingly important to have common security and policy procedures that are standardized across the organization.

2. Integrating a platform

It might be quite beneficial to have an integrated platform within the organization to support automated solutions. By integrating a platform, organizations can overcome challenges like database management, desktop support tools, or endpoint protection tools by feeding all of those tools with real-time data. This enables organizations to decide on the state and wealth of their data capabilities quickly and intelligently.

This provides a low level of risk for an organization, as a proactive approach to cybersecurity is always better than a reactive one, which leads to cleaning up after incidents or major breaches.

Legacy approaches to complex security and technological environments

Mainframes in legacy areas had security built in. Today, however, the focus has shifted to web-based apps such as IoT-based applications. These technologies, which have moved away from the legacy approach, are what Chris refers to as “modernization technology.”

Given that modernization technology is less stable than mainframe programs and legacy software, it is difficult to see how security could be applied to it. Therefore, there is some level of uncertainty about whether to incorporate enough security into those devices as digitization affects our technology.

Numerous consequences of these devices’ lack of application security have already occurred. Therefore, it is crucial to make greater upfront investments in security as modernization grows. Increasing security spending will help manage and monitor attack entry points.

Sniper patching and threat detection responses will undoubtedly assist organizations in taking a more proactive approach to security.

Helping governments to save resources

By having cross-training for the people.

There are a limited number of individuals working in cybersecurity. A smart strategy to conserve resources is to keep employees in the government sectors and rebrand them with modern cyber security skill sets.

This means not just educating individuals who work in the government sector, but also returning to high schools and remedial education to reach those who are enthusiastic about receiving basic cybersecurity training. Since students can be brought into this framework of managing and monitoring even before they enter college, onboarding can begin at these high schools.

The key to success here is to make sure that government resource utilization is optimized, including by standardizing on a system that connects operations and security and by using a shared platform.

The operating and security environment cannot accommodate a large number of tools, since doing so would be difficult to manage and would overload workers. A much more effective way to create a common security posture is to have an automated platform with real-time data manage and detect these things on the organization’s behalf, with the staff only watching and providing visualization.

By having a built-in security governance strategy that is in line with incident response, chain of custody, and standard operating procedures, organizations are able to have a consolidated approach for IT security and operations.