How Can Federal Agencies Better Manage Cyber Risk in a Fast-Changing Environment?
Almost every day there is a new data breach, cyberattack, or IT security concern. With readily available hacking tools, cybercriminals can conduct sophisticated attacks at scale and at low cost. The FBI’s Internet Crime Complaint Center received 467,361 complaints with reported losses exceeding $3.5 billion in 2019 alone. Just a couple of months ago, a parts manufacturer for Tesla and SpaceX confirmed a data breach. And earlier this year, malware was discovered on servers at the Department of Defense.
These threats are not new, and agencies and commercial enterprises alike are focused on detection and mitigation. So much so that the global information security market is expected to reach $170.4 billion in 2022. If agencies are already focused on strengthening security, what’s the problem?
The problem is the approach. What must be refreshed is how federal agencies approach security: how they identify, manage, prioritize, and mitigate risks. Agencies must also take a hard look at how they measure the effectiveness of the security tools they buy and deploy, so they can confirm those tools actually reduce risk and deliver a strong return on the investment.
Asking resource-strapped agencies to change their approach is not simple. Last year’s GAO report identified key challenges for agencies, including managing competing priorities across IT operations and security, receiving quality risk data, and incorporating cyber risks into enterprise risk management.
Compounding these challenges, the number of connected devices continues to grow. IDC predicts there will be over 41 billion connected devices within the next five years, and some forecasts put the figure at 500 billion within the next decade. Every one of those devices widens the attack surface agencies must defend. While this growth occurs, agencies must not only secure growing networks but also continue supporting mission needs and keep pace with ever-evolving technology.
So, how have agencies responded?…