Saturday, October 22, 2022

6 Ways In Which Local Governments Are Being Proactive About Cyber vs. The Private Sector

 


Besides technical writing and podcasting, I also sell other Cybersecurity-related services as a secondary line of business. This includes everything from Pen Testing to Compliance Work to Threat Hunting, and even Vulnerability Scans.

Sometimes I have had luck with it, and sometimes not. A lot depends on the level of interest and timing. But the one common thing that I do get is pushback, and it can be hard.

For example, there is one Cyber product that I am selling, and it is very affordable for the SMB. Despite this, many SMB owners simply say to me: “I am not interested, because if I have not been hit before, I won’t be ever.”

That is a rather farfetched statement to make, but it is what it is, I guess. But in sharp contrast, the good news now is that the government sector, believe it or not, is actually taking more proactive steps to protect its boundaries.

This was discovered in the recent study entitled “2022 Deloitte-NASCIO Cybersecurity Study”. What are some of the catalysts that are driving this unexpected trend? Here are some of the indicators:

1)     People are taking notice:

Believe it or not, it is your local politician that is taking note of the increase in the Cyber landscape that is unfolding. In fact, another recent trend I have noticed is the increased number of legislative bills that are being introduced in some of the states. Some 44% of the states have allocated a budget in order to have a dedicated CISO on their side. But the study did find that many of the states do not yet have an intelligence or data sharing program in place. Hopefully, that will change when the new state CISO comes on board.

2)     The purses are opening up:

Another startling discovery: States are actually spending more money on Cybersecurity. Now, it is not a huge amount by any means, but it is certainly a good start. The bad news is that many state elected leaders still do not know where the spend is going, which is not good. But all in all, it is reported that some 30 states are letting go of being a miser when it comes to Cyber.

3)     Priorities are getting more attention:

In the past, just trying to get something out of the C-Suite in terms of financial help was the main attention getter for the state. But now that budgets are loosening a bit, the focus has shifted to combatting the actual threat variants themselves. Also, replacing legacy security technology and increasing Cyber staffing are now of top concern, along with securing Critical Infrastructure.

4)     Compliance kicking into gear:

When the COVID-19 pandemic first hit, many of the data privacy laws, such as the GDPR, CCPA, and HIPAA, were not being enforced, so that companies could conserve their cash flow to keep moving forward. But now that the pandemic appears to be over, the enforcement actions have kicked into high gear. Of course, nobody wants to be audited and pay huge fines, so the states are now hiring virtual-based Privacy and Data Officers to help out with any sort of compliance-related issues.

5)     More collaboration:

This is one of the key areas in Cybersecurity that is still lacking. Many of the IT Security teams of today are still working in a siloed approach, but there are efforts to tear these walls down by making use of DevSecOps. In the public sector, the state level CIO does not have many contacts with other resources, such as the educational sector. Only 35% of them have any direct contact with people like professors, research institutes, etc.

6)     Cutting down the amount of time for actual hiring:

At the present time, it takes a horrendous amount of time to hire a Cyber professional for a state level job. Some of this can be attributed to conducting background checks and the overall bureaucratic nature of the process. For instance, 46% of the CISOs reported in this survey claim that it takes six months or greater to hire somebody for their staff. So many states are now hiring contractors to counter the time it takes to hire somebody directly. In fact, there is some success with this, as the need to outsource to MSSPs has increased by 78% just this year alone.

My Thoughts On This:

It seems to me that with Biden as President, the understanding of how important Cybersecurity is to our nation is starting to pick up, especially with this recent Executive Order. But unfortunately, the government at any level will be too slow to respond to a direct security breach.

This is where the private sector can come into play. In fact, there should be a consortium of Cyber vendors that can come in quickly with first responders to help the government fight off and mitigate that breach.

But this will involve creating more partnerships with the private sector, something that the government IMHO has been slow in or is unwilling to do. Also, the government needs to forge closer ties to the academic sector, as this will be one of the best ways to get access to cutting edge research. In fact, this needs to be done at all levels; by no means should any intelligence not be shared with the relevant parties.

But all in all, at least things are starting to move forward in some direction with the local governments. Hopefully, this manifests into a triad of sorts: the academic, private and government sectors. Once everybody can finally come together as one, this will be one awesome triad, like the Trident nuclear missile.

Finally, you can download this report at this link:

https://www2.deloitte.com/us/en/insights/industry/public-sector/2022-deloitte-nascio-study-cybersecurity-post-pandemic.html
