One of the other things that I do other than technical
writing and podcasting is that as a secondary line of business, I also sell
other Cybersecurity related services. This includes everything from Pen Testing
to doing Compliance Work to Threat Hunting, to even doing Vulnerability Scans.
Sometimes I have had luck with it, and sometimes not. A lot
depends on the level of interest and timing. But the one common thing that I do
get is pushback, and it can be hard.
For example, there is one Cyber product that I am selling,
and it is very affordable for the SMB. Even despite this, many SMB owners
simply say to me: “I am not interested,
because if I have not been hit before, I won’t be ever.”
That is a rather farfetched statement to make, but it is what
it is, I guess. But in a sharp comparison, the good news now is that the
government sector, believe it or not, is actually taking more proactive steps to
protect their boundaries.
This was discovered in the recent study entitled “2022
Deloitte-NASCIO Cybersecurity Study”. What are some of the catalysts that are
driving this unexpected trend? Here are some of the indicators:
1) People are taking notice:
Believe it or not, it is your local
politician that is taking note of the increase in the Cyber landscape that is
unfolding. In fact, another recent trend I have noticed is the increased number
of legislative bills that are being introduced in some of the states. In fact,
some 44% of the states have allocated a budget in order to have a dedicated
CISO on their side. But the study did find that many of the states do not have
an intelligence or data sharing program yet put into place. Hopefully, that
will change when the new state CISO comes on board.
2) The purses are opening up:
Another startling discovery: States
are actually spending more money on Cybersecurity. Now, it is not a huge amount
by any means, but it is certainly a good start. The bad news is that many state
elected leaders still do not know where the spend is going, which is not good. But
all in all, it is reported that some 30 states are letting go of being a miser
when it comes to Cyber.
3) Priorities are getting more attention:
In the past, just trying to get
something out of the C-Suite in terms of the financial help was the main
attention getter for the state. But now that budgets are loosening a bit,
the focus has shifted to combatting the actual threat variants themselves. Also,
trying to replace legacy security technology and increasing Cyber staffing are
now of top concern, along with securing Critical Infrastructure.
4) Compliance kicking into gear:
When the COVID-19 pandemic first
hit, many of the data privacy laws such as those of the GDPR, CCPA, HIPAA, were
not being enforced, so that companies could conserve their cash flow to
keep moving forward. But now that the pandemic appears to be over,
the enforcement actions have kicked into high gear. Of course, nobody wants to
be audited and pay huge fines, so the states are now hiring virtual based
Privacy and Data Officers to help out with any sort of compliance related
issues.
5) More collaboration:
This is
one of the key areas in Cybersecurity that is still lacking. Many of the IT
Security teams of today are still
working in a siloed approach, but there are efforts to tear these walls down,
by making use of DevSecOps. In
the public sector, the state level CIO does not have many contacts with other resources, such as the
educational sector. Only 35% of them have any direct contact with people like professors,
research institutes, etc.
6) Cutting down the amount of time for actual hiring:
At the present time, it takes a
horrendous amount of time to hire a Cyber professional for a state level job. Some
of this can be attributed to conducting background checks and the overall bureaucratic
nature of the process. For instance, 46% of the CISOs reported in this survey
claim that it takes six months or greater to hire somebody for their staff. So
many states are now hiring contractors to counter the time in what it takes to
hire somebody directly. In fact, there is some success with this, as the need
to outsource to MSSPs has increased by 78% just this year alone.
My Thoughts On This:
It seems to me that with Biden as President, the
understanding of how important Cybersecurity is to our nation is starting to
pick up, especially with this recent Executive Order. But unfortunately, the
government at any level will be too slow to respond to a direct security breach.
This is where the private sector can come into play. In
fact, there should be a consortium of Cyber vendors that can come in quickly
with first responders to help the government fight off and mitigate that
breach.
But this will involve creating more partnerships with the
private sector, something that the government IMHO has been slow in or is
unwilling to do. Also, the government needs to forge closer ties to the
academic sector, as this will be one of the best ways to get access to cutting
edge research. In fact, this needs to be done at all levels; by no means should
any intelligence not be shared with the relevant parties.
But all in all, at least things are starting to move forward
in some direction with the local governments. Hopefully, this manifests into a
triad of sorts: The academic, private
and government sectors. Once finally everybody can come together as one, this
will be one awesome triad, like the Trident nuclear missile.
Finally, you can download this report at this link:
https://www2.deloitte.com/us/en/insights/industry/public-sector/2022-deloitte-nascio-study-cybersecurity-post-pandemic.html