ThoughtLab's newly released cybersecurity benchmark study revealed that cybersecurity is at a critical inflection point across industries. Although 60% of public sector organizations studied scored at the mid-implementation level according to the NIST maturity framework, mutually reinforcing megatrends such as digital transformation, remote work, platform economy, IoT, multi-clouds, institutionalized cybercrime, cyber warfare, and new regulations make the cybersecurity landscape more complex than ever before.
It's no surprise, then, that 34% of these organizations do not consider themselves well prepared for the rapidly changing threat landscape.
Where should public sector leaders make pivots to bolster their cybersecurity performance in an era of escalating digital risks? We break down six actionable insights from the study here.
As public sector organizations digitally transform their operations, they often bring on new platforms, systems, servers, and applications that need initial configuration and ongoing upkeep. All of this change creates more room for configuration mistakes by teams that may be overwhelmed or under-resourced, and those mistakes are exactly what attackers look for and act on.
The study found misconfigurations to be the root cause of the most significant attack suffered in the last two years by 49% of public sector organizations, so this area cannot be overlooked. The practical countermeasure is to collect telemetry from these distributed systems and run automated checks that flag deviations from a known-good configuration before an attacker finds them. Human error will happen, but when teams can observe every system and resolve problems quickly, misconfigurations do not have to turn into breaches.
Consider outsourcing your SOC and threat intelligence
The survey found that the security operations center (SOC) and threat intelligence, two of the most resource-intensive cybersecurity functions, are most often outsourced. Some organizations outsource because they face cyber talent shortages, but cost is a driving factor as well.
Duc Lai, CISO at University of Maryland Medical System, was quoted in the ThoughtLab study report as saying, "It's quite costly to run your own SOC, and with the quality of the managed services provided nowadays, it's a better decision to invest in that type of service, especially to manage your endpoint detection and response."
Whether a public sector organization faces a lack of cyber talent, a budget shortage, or both, a managed service that combines broad detection coverage with behavior-based rules mapped to the MITRE ATT&CK framework can reduce the probability of a breach. Behavior-based rules describe what an attacker does on a host, so they keep working when the attacker changes tooling, which a list of known-bad hashes or addresses does not.
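To make "behavior-based rules mapped to ATT&CK" concrete, here is an added example that is not code from the ThoughtLab report, Elastic, or the quoted speakers. Each rule is a predicate over a process-creation event and carries the ATT&CK technique ID it detects, so alerts can be reported by technique. The event fields (event_id, host, user, process, parent, cmdline) and the sample events are constructed for illustration and do not follow any real SIEM schema.

```python
"""Behavior-based detection rules tagged with MITRE ATT&CK technique IDs.

Added example; this is not code from the ThoughtLab report, Elastic, or the
quoted speakers. The event schema (event_id, host, user, process, parent,
cmdline) and the sample events are constructed for illustration and do not
follow any real SIEM's field names.
"""
import re
from dataclasses import dataclass
from typing import Callable, Iterable


@dataclass(frozen=True)
class Event:
    event_id: int
    host: str
    user: str
    process: str   # image name, lowercased by normalise()
    parent: str    # parent image name, lowercased by normalise()
    cmdline: str


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str                  # ATT&CK technique ID the rule maps to
    match: Callable[[Event], bool]  # behavior predicate, not an indicator lookup


# "-enc", "-ec", "-e" or "-EncodedCommand" followed by a base64-looking blob.
# Requiring whitespace after the switch keeps "-ExecutionPolicy" from matching.
ENCODED_PS = re.compile(r"(?i)-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}")

RULES = [
    Rule("Encoded PowerShell command line", "T1059.001",
         lambda e: e.process == "powershell.exe"
         and ENCODED_PS.search(e.cmdline) is not None),
    Rule("Office application spawning a shell", "T1204.002",
         lambda e: e.parent in {"winword.exe", "excel.exe", "outlook.exe"}
         and e.process in {"cmd.exe", "powershell.exe", "wscript.exe"}),
    Rule("Scheduled task created from the command line", "T1053.005",
         lambda e: e.process == "schtasks.exe"
         and "/create" in e.cmdline.lower()),
    Rule("LSASS memory dump via procdump", "T1003.001",
         lambda e: e.process.startswith("procdump")
         and "lsass" in e.cmdline.lower()),
]


def normalise(raw: dict) -> Event:
    """Lowercase image names so rules can compare them exactly."""
    return Event(raw["event_id"], raw["host"], raw["user"],
                 raw["process"].lower(), raw["parent"].lower(), raw["cmdline"])


def run_rules(raw_events: Iterable[dict], rules=RULES) -> list[dict]:
    """Evaluate every rule against every event; one alert per (event, rule) hit."""
    alerts = []
    for raw in raw_events:
        event = normalise(raw)
        for rule in rules:
            if rule.match(event):
                alerts.append({"event_id": event.event_id, "host": event.host,
                               "rule": rule.name, "technique": rule.technique})
    return alerts


def techniques_seen(alerts: list[dict]) -> list[str]:
    """Distinct ATT&CK techniques observed, useful for coverage reporting."""
    return sorted({a["technique"] for a in alerts})


# Constructed sample telemetry: two benign events (1 and 5) and three events
# that exhibit attacker behaviors (2, 3 and 4).
SAMPLE_EVENTS = [
    {"event_id": 1, "host": "ws-07", "user": "jdoe", "process": "notepad.exe",
     "parent": "explorer.exe", "cmdline": "notepad.exe notes.txt"},
    {"event_id": 2, "host": "ws-07", "user": "jdoe", "process": "powershell.exe",
     "parent": "WINWORD.EXE",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                "SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"},
    {"event_id": 3, "host": "ws-07", "user": "jdoe", "process": "schtasks.exe",
     "parent": "cmd.exe",
     "cmdline": r"schtasks.exe /create /tn Updater /tr C:\Users\Public\u.exe /sc minute /mo 5"},
    {"event_id": 4, "host": "srv-dc1", "user": "svc_backup", "process": "procdump64.exe",
     "parent": "cmd.exe", "cmdline": r"procdump64.exe -ma lsass.exe C:\temp\l.dmp"},
    {"event_id": 5, "host": "ws-12", "user": "admin", "process": "powershell.exe",
     "parent": "explorer.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"},
]

if __name__ == "__main__":
    alerts = run_rules(SAMPLE_EVENTS)
    for alert in alerts:
        print(alert)
    print("techniques seen:", techniques_seen(alerts))
```

Event 2 fires two rules at once (encoded command plus Office parent), which is the kind of overlap an analyst wants to see grouped by host rather than as two unrelated tickets; event 5 is a legitimate administrative PowerShell run and fires nothing, because the rules key on behavior (an encoded payload, a suspicious parent) rather than on the presence of powershell.exe.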
Ensure your SIEM uses machine learning
The survey found that while 47% of public sector respondents are looking to replace or augment their current security information and event management (SIEM) strategy, only 12% rate it among their most effective investments. This low effectiveness score reflects traditional SIEMs that collect and search events but offer no advanced analytics, such as machine learning, on top of them.
According to Mandy Andress, CISO at Elastic, "Today's IT environments provide a firehose of data. While traditional SIEMs can ingest a lot of data, newer XDR platforms [that unify SIEM, endpoint, and cloud security]... address broader security operations with several embedded capabilities including machine learning to draw out anomalies." SIEMs with machine learning are increasingly important for monitoring public sector workloads as they migrate to the cloud.
Harden OT-related attack surfaces
The public sector owns and operates infrastructure and fleet systems whose internet of things (IoT) and operational technology (OT) components present a growing attack surface. Accordingly, the survey found that organizations plan to invest over the next two years to harden these attack surfaces. Leaders will take different approaches, but again, according to Andress, "Fundamental security hygiene is still the best protection. Understand your environment. Change defaults, disable unnecessary services, default deny inbound network traffic, and patch."
Additional guidance on data collection and analysis, technology transfer from disconnected, intermittent, low-bandwidth (DIL) environments, compliance, and workforce assessment can be found in the related blog, 4 lessons from 'Hack the Port' about 'critical infrastructure' cybersecurity.
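The misconfiguration section above calls for telemetry and automated checks, and Andress's four hygiene items (change defaults, disable unnecessary services, default-deny inbound, patch) are exactly the kind of thing such checks should encode. The following added example, which is not code from the ThoughtLab report, Elastic, or the quoted speakers, does both: it scores each host's configuration snapshot against an absolute hygiene policy, and it also compares the snapshot with the last known-good snapshot of the same host to catch drift that the policy alone would accept. The snapshot fields (host, default_credentials, listening_services, inbound_default_policy, days_since_patch), the policy values, and the sample hosts are constructed for illustration.

```python
"""Baseline hygiene and drift checks over host configuration snapshots.

Added example; this is not code from the ThoughtLab report, Elastic, or the
quoted speakers. The snapshot schema, policy values and sample hosts are
constructed for illustration; a real collector would fill the snapshots
from the hosts themselves.
"""
from __future__ import annotations

from dataclasses import dataclass

# Policy mirrors the four hygiene items in the quoted guidance: change
# defaults, disable unnecessary services, default-deny inbound, and patch.
POLICY = {
    "allowed_services": {"ssh", "https", "ntp-client"},
    "max_days_since_patch": 30,
}


@dataclass(frozen=True)
class Finding:
    host: str
    check: str
    detail: str


def check_hygiene(snapshot: dict, policy: dict = POLICY) -> list[Finding]:
    """Compare one snapshot against the absolute policy (no baseline needed)."""
    host = snapshot["host"]
    findings = []
    for account in snapshot["default_credentials"]:
        findings.append(Finding(host, "default-credentials",
                                f"account '{account}' still uses a vendor default password"))
    for svc in sorted(set(snapshot["listening_services"]) - policy["allowed_services"]):
        findings.append(Finding(host, "unnecessary-service",
                                f"'{svc}' is listening but is not in the allowed set"))
    if snapshot["inbound_default_policy"] != "deny":
        findings.append(Finding(host, "inbound-default-policy",
                                f"inbound default is '{snapshot['inbound_default_policy']}', expected 'deny'"))
    if snapshot["days_since_patch"] > policy["max_days_since_patch"]:
        findings.append(Finding(host, "patch-age",
                                f"{snapshot['days_since_patch']} days since last patch, "
                                f"limit is {policy['max_days_since_patch']}"))
    return findings


def check_drift(baseline: dict, current: dict) -> list[Finding]:
    """Compare a snapshot with the last known-good snapshot of the same host.

    Drift catches what the absolute policy cannot: a change that is compliant
    in isolation (a new allowed service) but was never planned.
    """
    host = current["host"]
    findings = []
    added = set(current["listening_services"]) - set(baseline["listening_services"])
    for svc in sorted(added):
        findings.append(Finding(host, "drift:new-service",
                                f"'{svc}' started listening since the baseline"))
    if (baseline["inbound_default_policy"] == "deny"
            and current["inbound_default_policy"] != "deny"):
        findings.append(Finding(host, "drift:inbound-policy-weakened",
                                "inbound default changed from 'deny' since the baseline"))
    return findings


def assess_fleet(baselines: dict[str, dict], snapshots: list[dict]) -> dict[str, list[Finding]]:
    """Run both checks for every host; hosts with no findings are omitted."""
    report = {}
    for snap in snapshots:
        findings = check_hygiene(snap)
        baseline = baselines.get(snap["host"])
        if baseline is not None:
            findings += check_drift(baseline, snap)
        if findings:
            report[snap["host"]] = findings
    return report


def _snap(host, services, inbound="deny", defaults=(), patch_days=7):
    """Build a constructed snapshot in the assumed schema."""
    return {"host": host, "listening_services": list(services),
            "inbound_default_policy": inbound,
            "default_credentials": list(defaults), "days_since_patch": patch_days}


# Constructed known-good baselines and a later round of collected snapshots.
BASELINES = {
    "gw-01": _snap("gw-01", ["https"], patch_days=10),
    "scada-hmi-02": _snap("scada-hmi-02", ["https"], patch_days=20),
    "ws-07": _snap("ws-07", ["ssh"]),
}
CURRENT_SNAPSHOTS = [
    # gateway: ssh (allowed) and telnet (not allowed) appeared, inbound opened up
    _snap("gw-01", ["https", "ssh", "telnet"], inbound="allow", patch_days=12),
    # HMI: still on the vendor default account and overdue for patching
    _snap("scada-hmi-02", ["https"], defaults=["admin"], patch_days=45),
    # workstation: unchanged and compliant
    _snap("ws-07", ["ssh"]),
]

if __name__ == "__main__":
    for host, findings in assess_fleet(BASELINES, CURRENT_SNAPSHOTS).items():
        for f in findings:
            print(f"{host}: [{f.check}] {f.detail}")
```

On gw-01 the new ssh listener passes the hygiene policy but is still reported as drift, while telnet is reported by both checks; that split is the point of keeping a per-host baseline alongside a fleet-wide policy, since an unplanned but "allowed" change is often the first visible sign of a misconfiguration or an intrusion.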
Consolidate tools and technologies with a platform
The survey found that nearly a third of organizations are adopting technologies that bring capabilities together as a platform, rather than relying on individual "best in breed" components. This is particularly true for organizations scoring at the early-implementation and mid-implementation levels of the NIST maturity framework, the two categories into which 66% of the public sector organizations surveyed fall.
Consolidating services on a proven platform not only improves efficiency and saves money; it also raises the quality of the result and makes training easier. Commissioned research from Forrester Consulting underscores this point: it found a single platform for observability and security to be 10x faster at half the price of standalone, incumbent solutions.
Make cybersecurity people-centric
Organizations that cultivate human-centric cybersecurity see fewer breaches and detect and respond to incidents faster. The study highlights five key steps to drive human-centric cybersecurity:
- Build human-security
- Create a culture attuned to cybersecurity
- Generate more effective cybersecurity awareness
- Recruit, upskill, and retain specialists
- Staff cybersecurity teams correctly
Download the full report
We encourage you to download the full report, Cybersecurity Solutions for a Riskier World, and share it with your public sector team. Like ThoughtLab, we hope this robust cybersecurity analysis will make an important contribution by helping public sector and business leaders optimize their cybersecurity resources to succeed in today's new era of risk.
Interested in learning more about security at Elastic? Start your free trial today.