An effective approach requires integrating proactive, agile defenses deeply into organizations.
If there were any doubts about the critical need for governments, businesses and individuals to better fortify themselves against cyber threats, Petya should have put them to rest. The attack a few weeks ago using ransomware known by that name wreaked global havoc, infecting computers and networks in more than 65 countries including the United States.
The Petya outbreak followed -- by just a few weeks -- the even more widespread WannaCry ransomware attack. As evidenced by these high-profile events, protecting sensitive data and leveraging the right systems to detect, prevent and remediate security breaches continue to be a challenge for many organizations.
The concern is especially high for government agencies. As guardians of some of our most sensitive citizen and public-employee data, they are attractive targets for cyberattacks. Governmental organizations face dozens of focused, targeted attacks each year, one in three of which result in a successful security breach, according to a recent Accenture survey of security executives.
To bolster protection of our assets, government agencies must adopt modern, proactive, agile strategies that can help them quickly identify and respond to digital security risks. It's not clear, however, to what extent they are currently applying the right resources to confront this challenge.
A recent Accenture report based on a survey of 150 government executives in the United States suggests that most agencies don't have adequate technologies in place. Only 13 percent of respondents believe their existing technology is effective for responding to cybersecurity breaches, and only one-third say they are confident in their ability to monitor, identify and measure these breaches. Almost half of state and local government respondents say that it can take months to identify sophisticated breaches. For the technology needed to fill in the gaps, the respondents most frequently listed end point/network security (58 percent), encryption (56 percent), threat intelligence (54 percent) and cyber-threat analytics (51 percent).
Public-service organizations need to integrate cyber defenses deeply into their organizations by employing a comprehensive end-to-end approach to digital security. As a first step, agencies should conduct a thorough assessment of their cybersecurity capabilities, while "pressure-testing" their defenses to determine whether they can withstand a targeted attack. They also need to identify and minimize their network exposure and focus on protecting priority assets. The following cybersecurity areas should be considered priorities for investment and greater leadership attention:
Government agencies should approach cybersecurity with an organizational mindset -- one capable of continually evolving and adapting to changing threats. State-of-the-art cybersecurity will require not only investments in innovation and training but also rock-solid commitment from leaders.
This article was originally published on Governing.