A recent paper by Cynergy Partners titled "Cybersecurity Opportunities for the Public and Private Sectors" highlights some of the key cybersecurity accomplishments and investments of the Biden administration in the U.S., and lays out recommendations for how to modernize and improve cybersecurity for government agencies and suppliers, as well as private companies that participate in this supply chain.
While the paper addresses the near-term challenges highlighted by recent breaches like SolarWinds Orion, Hafnium, and DarkSide ransomware, it focuses primarily on the opportunities to enact the transformational technology and organizational changes necessary to harden the nation’s infrastructure and protect against future attacks.
The research is timely given that a recent Sophos-commissioned survey by Vanson Bourne indicates that 74% of central government organizations experienced an increase in the number of cyberattacks last year, and 40% were hit by ransomware.
Interesting findings in the paper include summaries of major milestones, such as the Executive Order initiating a cybersecurity review of the nation’s supply chain, as well as the US Congress's approval, through the American Rescue Plan Act of 2021, of $2B in IT and security modernization and personnel funding for GSA, CISA, and the Digital Service.
The report also includes insights and actionable recommendations across a number of key areas:
More Secure Supply Chains
Innovation and Modernization
Security Services
- Lack of cybersecurity expertise is a major challenge for government organizations, with 62% of IT managers saying cyberattacks are now too advanced for their organization’s IT team to deal with on their own (source: Sophos). The authors recommend filling open cybersecurity leadership and operational positions in the government with entrepreneurs and operational technology experts from the private sector. This excellent idea is somewhat challenged by the current lack of IT cybersecurity expertise, as indicated by the 33,000 currently open IT positions in the government and 470,000 IT positions open in the private sector. This is a challenge that is not going away and a great opportunity for MSP and MSSP service providers to deliver managed threat detection and response services to government and private industry organizations that don’t otherwise have the skills.
- This is also supported by the paper’s recommendation that the government needs to enhance its cybersecurity capabilities to better monitor, detect, and respond to threats, utilizing innovative cybersecurity technologies across agencies and its suppliers.
Compliance and Certification
- The paper recommends requiring government and private sector adherence to clear cybersecurity standards, compliance regimens, and product certifications, especially for government suppliers. This suggests that cybersecurity vendors, partners, and their suppliers should focus on getting compliant now with key initiatives like FedRAMP, NIST, ISO, and CMMC.
To learn more, read