Federal agency CIOs and CISOs need to shift how they invest in cybersecurity — focusing on protecting information, rather than systems — without sacrificing attention to the weakest part of their networks: end users operating on the endpoint.
The collision of two megatrends over the past five years is driving that need: technology advances in mobile computing and the proliferation of cyberattacks. Mobility has the potential to make end users far more productive. However, 95 percent of all data breaches start at an endpoint because people are the weakest links in security.
A new FedScoop Tech Brief delves into the importance of securing data and the endpoint, and how to align a security strategy with the business and employee productivity needs of an organization.
Hackers go where the value is
The value of data has increased astronomically over the past two decades, and more bad actors are trying to infiltrate and extract that data than ever before. For a long time, criminals focused primarily on stealing credit card information; now hackers have moved on to stealing personally identifiable information (PII) for resale — everything from personnel to health records — and more recently to seizing enterprise data and holding it for ransom, as in the WannaCry attack earlier this year.
“The first step in any attack is getting in the front door, and we in the security industry are not doing a great job of keeping the door shut,” said Brett Hansen, vice president of data security solutions at Dell.
Companies and government agencies have spent billions of dollars on cybersecurity — the White House budgeted more than $19 billion for it in Fiscal Year 2017. Yet we still have very porous front-end protection for endpoints, Hansen said.
The sheer volume of malicious attacks is forcing CIOs to rethink security strategies. Scanning traffic for known malware is no longer viable, with more than 500,000 different pieces of malware created every day. No matter how frequently malware references are updated, systems can’t keep up.
The mobile computing revolution is compounding the assault on enterprise data systems. With more employees using more devices, often their own rather than ones provided by their agency or organization, the importance of security at the endpoint continues to grow exponentially.
Balancing cybersecurity priorities with business needs
The Tech Brief presents recommendations for how agencies and organizations can erect strong security controls without hindering employee productivity. Whether it’s because security slows down the network or employees have to follow more procedures, enhanced protection can decrease the productivity gains mobility offers.
Educating employees about safe cyber hygiene can help. More importantly, developing a more strategic security posture requires a holistic view that aligns data security procedures with employees’ and the agency’s business and mission objectives.
CIOs and their IT security teams need to know where different networks in the organization touch, and how many of those networks can be reached from a given endpoint. It is important to consider whether critical networks for sensitive information can be reached by hacking into non-sensitive systems (for example, is constituent PII accessible via an HVAC or environment control system?).
Download the Tech Brief, “Balancing federal data protection and productivity,” for more endpoint defense tactics and recommendations to keep bad actors out while optimizing employee productivity within government organizations.
For more on digital transformation in the federal government, visit FedScoop’s special Digital Transformation Heroes series.
This article was produced by FedScoop for, and sponsored by, Dell EMC.