Efficiency and Security: Cost-Effective Cybersecurity Measures for Governments
In this Q&A, Peter Romness, Cybersecurity Principal, US Public Sector CTO Office, Cisco Systems, and Steve Caimi, Public Sector Cybersecurity Specialist, Cisco, describe the connections between cybersecurity and operating efficiency.
Given their budgetary constraints, how should government leaders prioritize their cybersecurity practices?
Caimi: No one needs to tell you that you need to focus on operating more efficiently these days. There’s only so much time and money to go around, so we have to find out what really matters in terms of meeting cybersecurity outcomes. Cisco partnered with the Cyentia Institute to conduct a double-blind survey to understand what cybersecurity outcomes are most important and which practices contribute to those outcomes. We reached almost 5,000 cybersecurity professionals from around the globe. One of the outcomes that rose to the top was operating efficiently. They were obviously talking about cost effectiveness, but other subpoints were things like trying to minimize unplanned work, retain talent and streamline incident response procedures.
What best practices from the study should government leaders look to as the strongest levers to improve their security posture?
Caimi: Some of the strongest correlations between practices and outcomes involved a proactive best-of-breed technology refresh strategy that keeps digital transformation moving while maximizing operational efficiency. The report concluded that even though proactive investments can involve an initial cost outlay, it is money well spent. State and local governments can follow the federal government’s lead with a cloud-smart strategy. Security in the cloud is constantly updated, and integrated and automated technology speeds detection and response. These kinds of things lend themselves to operating efficiencies.
The second thing was that well-integrated technology improves retention of cybersecurity talent. If you’re a cybersecurity professional in state and local government, you’re probably being recruited every single day. Governments can’t afford to lose their expertise.
What other strategies can governments take to ensure they support and retain their cybersecurity personnel?
Romness: Cybersecurity professionals want to operate with the latest technology and do interesting work that makes the job rewarding. They want solutions that integrate so they don’t have to track down minutiae and follow system logs to find an issue. They want dashboards that show them incidents as they happen. They also want to be able to give back to organizations by helping them achieve their mission.
How would you encourage government leaders to think about protecting their systems in an era of constrained resources?
Caimi: The fundamental role of cybersecurity is about efficient and effective risk management. We don’t have unlimited resources, so we have to figure out the things that matter the most and go and address them. A lot of times, we don’t have to reinvent the wheel. NIST has developed a lot of security best practices, but it changed the game with its Cybersecurity Framework in 2014 — a framework to make informed investment decisions by understanding where the risk is in a way that is simple and easy to follow. They’re not alone; other organizations also have good best practices that state and local governments can and should bring into their operations. One of the things we do is follow those best practices and align our portfolio with those best practices. It’s easy to have that conversation.