The volume and sophistication of modern cyberattackers are transforming what it means for organizations to have comprehensive cybersecurity. It is no longer enough to simply have the strongest defenses in place. Cybercriminals have repeatedly displayed adroitness in their ability to slip through the cracks of even the most well-defended networks.
Rather, organizations today must strive to have the smartest defenses, so that even after the bad guys invariably find a way in, they will be limited in what they can accomplish. Nowhere is this more apparent than in government organizations, where protecting sensitive information is often a matter of national security.
Uncle Sam is in hackers’ crosshairs
The breach of the U.S. Office of Personnel Management that took place in early 2015 was a harsh reminder that the government is just as vulnerable to the malicious whims of cybercriminals as any private business. However, a recent study has further emphasized just how big the bounty on Uncle Sam’s cyber-head has now become.
According to Control Risks’ RiskMap 2016 report, a little over a third of all targeted cyberattacks between October 2014 and October 2015 were aimed at government. This is not necessarily shocking in and of itself, as governments typically have access to detailed information about residents within their borders. But upon taking a closer look at the current state of government cybersecurity, it does raise a few red flags when it comes to preparedness.
A recent survey conducted by the Ponemon Institute revealed that federal IT workers (around 44 percent of them) and state and local IT leaders (40 percent) cited “negligent insiders” as the biggest threat to government cybersecurity. Much like shadow IT, the negligent insider represents any agency or employee within an agency that does not make enough preparations to defend against cyberattacks.
This lack of preparedness takes many forms, as highlighted by recent reports. For instance, it was recently discovered that the Department of Homeland Security was running multiple unpatched databases that contained information designated “secret” and “top-secret,” according to The Register. In a separate faux pas, TechNewsWorld reported that up to 85 percent of federal workers have admitted to risky IT behavior on mobile devices used for work-related purposes.
The problem here is that cybersecurity is not solely dependent upon the strength of perimeter security. Improper maintenance of a network or the avoidance of best practices both create internal threats to a network that are more difficult to defend against. This further highlights the need for a layered approach to security that doesn’t start and stop at the firewall.
Improving detection with Managed SIEM
One approach to creating comprehensive cybersecurity is through the use of Managed SIEM. Also called SIEM-as-a-Service, this offering is easily deployed via the cloud. It is also far more affordable than legacy services, making it a cost-efficient solution for organizations.
The principal benefit of managed SIEM is its ability to improve security monitoring within the actual network. IT staff see hundreds, even thousands, of cybersecurity alerts on a daily basis, and the act of separating the false threats from the truly pernicious ones can be somewhat daunting. Managed SIEM enables an enterprise network to achieve this easily with the help of trained cybersecurity specialists. In doing so, SIEM-as-a-Service makes it possible to detect a cyberthreat in the network early, before any serious harm can be done.
If there is a silver lining to the current state of government cybersecurity, it is that the majority of respondents to the Ponemon Institute survey said that they are confident in their organization’s ability to detect a breach. This may help mitigate some of the threats that could be introduced as a result of the “negligent insider.” The ability to do so is key not only in government organizations, but also in small and midsize businesses in the private sector – and this is where managed SIEM truly shines.
Cybersecurity news and analysis brought to you by Arctic Wolf, leading provider of managed SIEM services.