Does Your Security Strategy Effectively Protect Your Agency?

Cloud and mobile technologies have made it easier and more
cost-effective for federal agencies to quickly deliver on critical
missions. Yet, because these solutions are being used with greater
frequency, they are broadening the attack surface and giving
adversaries more potential targets.

For example, federal agencies are increasingly being pursued by bad
actors seeking to attack or exploit the valuable, sensitive data they
store. In fact, in the latest M-Trends report,
government is now ranked as the third most-targeted industry, up from
the seventh position in 2017.

A data breach or cyber attack can have a far-reaching impact on a
federal agency’s operational performance. It could affect citizen
data, causing loss of public trust, and may also result in agency
leaders having to testify and defend their cyber procedures to
Congress. There is also the risk of poor FITARA scores, causing
tarnished reputations.

The Need to Validate Security Effectiveness

The simple truth is that good cyber governance is a “must have,” and
that means federal agencies need tools that can measure and validate
security effectiveness to help pinpoint risks.

Measuring cyber security is difficult; IT environments have become
increasingly complex. Traditional operational metrics—such as cost and
ROI—don’t translate to security goals. And focusing on KPIs such as
incident numbers can lead to overlooking gaps.

Federal agencies must prove that their security investments are
working the way they’re supposed to, including being able to:

  • Continuously monitor and measure to ensure that security tools
    are working
  • Leverage frameworks like the NIST Cybersecurity
    Framework to avoid overlaps and gaps in security infrastructure
  • Validate cyber resiliency with data

For instance, many organizations believe their security investments
are delivering expected value by protecting critical assets, but the
reality is that they have already experienced a breach without knowing
it. And did you know that on average, 80% of tools are misconfigured,
leaving them underutilized at default settings?

That’s why federal agencies require empirical evidence of how
effective their security controls are at protecting them against an
attack. And with this type of evidence, there can be better alignment
between CISOs and department leaders so they can better quantify cyber risk.

The good news is that there is a path forward to optimized security
effectiveness. Good cyber hygiene starts with creating more alignment
between CISOs and other agency leaders, coupled with ongoing,
quantified measurement and monitoring of security.

Continuous validation of security effectiveness ensures ongoing
cyber resiliency, no matter how the IT environment or attack landscape changes.

Learn more about quantifying security effectiveness by downloading
our 2020 Security Effectiveness Report.