Understanding Federal Cybersecurity Strategies. Best Practices For Agencies In a World of Expanding Risk

Similar documents
Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Best Practices in Securing a Multicloud World

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Table of Contents EXECUTIVE SUMMARY AND MAJOR FINDINGS...3 INTRODUCTION...8 THE EXPANSION OF THE ATTACK SURFACE...10 ATTACKER BEHAVIOR...

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Continuous protection to reduce risk and maintain production availability

Cisco Start. IT solutions designed to propel your business

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

Cyber Attacks & Breaches It s not if, it s When

Hybrid IT for SMBs. HPE addressing SMB and channel partner Hybrid IT demands ANALYST ANURAG AGRAWAL REPORT : HPE. October 2018

Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

FOR FINANCIAL SERVICES ORGANIZATIONS

Water Provider Relocates, Modernizes Data Center

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

White Paper. View cyber and mission-critical data in one dashboard

Accelerate Your Enterprise Private Cloud Initiative

Cisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Security in India: Enabling a New Connected Era

Vulnerability Management Trends In APAC

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

THE POWER OF TECH-SAVVY BOARDS:

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Cisco Collaboration Optimization Services: Tune-Up for Peak Performance

Symantec Security Monitoring Services

Deploying Cisco SD-WAN on AWS

SD-WAN. Enabling the Enterprise to Overcome Barriers to Digital Transformation. An IDC InfoBrief Sponsored by Comcast

THALES DATA THREAT REPORT

Security and Privacy Governance Program Guidelines

The State of Cybersecurity and Digital Trust 2016

PAIN AND PROGRESS THE RSA CYBERSECURITY AND BUSINESS RISK STUDY

THE CYBERSECURITY LITERACY CONFIDENCE GAP

Cisco Smart Business Communications Systems. Cisco Small Business Unified Communications 300 Series

CYBERSECURITY RESILIENCE

with Advanced Protection

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

ALTITUDE DOESN T MAKE YOU SAFE. Satcom Direct s Comprehensive Cyber Security Portfolio for Business Aviation

Cisco Stealthwatch Endpoint License

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

An ICS Whitepaper Choosing the Right Security Assessment

Roadmap to the Efficient Cloud: 3 Checkpoints for the Modern Enterprise

RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE

NEXT GENERATION SECURITY OPERATIONS CENTER

Build Your Zero Trust Security Strategy With Microsegmentation

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

PREPARE & PREVENT. The SD Comprehensive Cybersecurity Portfolio for Business Aviation

Borderless security engineered for your elastic hybrid cloud. Kaspersky Hybrid Cloud Security. #truecybersecurity

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Cognizant Cloud Security Solution

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Transforming Security from Defense in Depth to Comprehensive Security Assurance

RSA Cybersecurity Poverty Index

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

Sustainable Security Operations

Automating the Top 20 CIS Critical Security Controls

Prestigious hospital. Outdated network.

RSA INCIDENT RESPONSE SERVICES

Logistics Company Improves IT Uptime and Management

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

Gujarat Forensic Sciences University

INTELLIGENCE DRIVEN GRC FOR SECURITY

Cisco Connected Factory Accelerator Bundles

2015 VORMETRIC INSIDER THREAT REPORT

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Instant evolution in the age of digitization. Turn technology into your competitive advantage

DATACENTER SERVICES DATACENTER

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

Keys to a more secure data environment

RSA INCIDENT RESPONSE SERVICES

Building a Threat Intelligence Program

Cybersecurity. Securely enabling transformation and change

Symantec Data Center Transformation

Cisco Payment Card Industry Compliance Services

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

align security instill confidence

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Training and Certifying Security Testers Beyond Penetration Testing

To Audit Your IAM Program

Smart Data Center From Hitachi Vantara: Transform to an Agile, Learning Data Center

FROM TACTIC TO STRATEGY:

Changing the Game: An HPR Approach to Cyber CRM007

TEL2813/IS2820 Security Management

IT Needs More Control

ForeScout Extended Module for Splunk

The Cisco HyperFlex Dynamic Data Fabric Advantage

MITIGATE CYBER ATTACK RISK

Uncovering the Risk of SAP Cyber Breaches

WHITE PAPER. The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Transcription:

Understanding Federal Cybersecurity Strategies Best Practices For Agencies In a World of Expanding Risk

Executive summary Are you confident in your agency s cybersecurity? Do you think you are detecting and repelling every attack against your network? Are your policies strong, your tools robust and your leaders supportive? How do you know? In fact, Federal and Defense agencies are in many cases still stuck in old habits, missing out on the greatest potential of security. You may be among the many who need to rethink their approach to cybersecurity, from planning to acquisition to implementation and beyond. In this paper, you will learn some of the crucial key strategies that the most forward-thinking Federal and Defense agencies and other organizations use to stay ahead of the everchanging universe of threats and risks. The Cisco 2017 Annual Cybersecurity Report documents an information technology environment that is under constant threat from an ever-shifting landscape of attackers, and a cybersecurity posture that still has serious gaps. In the Sector specifically, organizations often rely on cybersecurity approaches that address specific concerns without fitting into a larger, big-picture view. This might be effective against a particular hack, but it does not contribute to a holistic cybersecurity strategy. In this paper 1, you will learn: Why an enterprise architecture approach to cybersecurity is the best strategic choice; The real key to security: it isn t just policies, tools and leaders; How the threat landscape is changing, and what is driving the changes; How to think about cybersecurity in a new way. 1 The Cisco 2017 Security Capabilities Benchmark Study, reported and analyzed in the 2017 Annual Cybersecurity Report, was conducted in 2016 across 13 countries with more than 2900 respondents. For this white paper, we will consider only responses from the Sector (433 respondents) and the Sector (59 respondents). 2 2017 Cisco and/or its affiliates. All rights reserved.

Security architecture Sector organizations often still rely on cybersecurity strategies that may not be adequate for today s threat environment. Sector organizations are more likely to make cybersecurity purchasing decisions project by project (54 percent), rather than taking an enterprise architecture approach (28 percent). This best-of-breed approach is usually driven by reaction to attacks, rather than a systematic part of a plan. It usually solves the problem at hand, but it doesn t contribute to an integrated security architecture. How organizations purchase threat defense solutions Percent of organizations You typically follow a project-based approach (e.g. best-of-breed point products) 46 54 You typically follow an enterprise architecture approach You deploy point products as needed 14 12 28 39 You only deploy to meet compliance or regulatory requirements 4 3 0 10 20 30 40 50 60 You can enhance your protection, then, by simplifying your collection of security tools into an integrated and interconnected security architecture. The integrated tools working together in an automated infrastructure frees up personnel time to address more complex problems. By assessing the security systems you already have, and planning upgrades to fit into an overall strategy rather than simply reacting to an immediate concern you can gain the advantages of an architecture without a big capital outlay up front. An architecture strategy paves the way for systematic, planned expansions that extend the benefits of various cybersecurity products, practices and tools to the entire organization, while preparing you for the next new attack. For help, you can consult the National Institute of Standards and Technology s Cybersecurity Framework, which lays out best practices and policies. It is important to understand that the Cybersecurity Framework is only guidance, not a step-by-step roadmap. Organizations must customize it to fit their own individual circumstances. Used correctly, though, it helps you understand, manage and reduce your cybersecurity risks. The Framework help you determine your most urgent needs so that you can intelligently prioritize the investments you make. NIST now has new tools that allow you to assess your organization against the Framework, and to guide your planning, making it even easier to harness the document s power. 3 2017 Cisco and/or its affiliates. All rights reserved.

NIST s new Baldrige Cybersecurity Excellence Builder (co-sponsored by Cisco) blends organizational assessment techniques from NIST s Baldrige Performance Excellence Program with the Cybersecurity Framework. Released late in March 2017, the BCEB gives you tools to gauge how effective your cybersecurity efforts are, and to spot opportunities for improvement. However you approach the opportunity, understand that Federal agencies need a foundational, platformbased approach to cybersecurity. Reacting to the latest data breach to hit the news by hurriedly implementing yet another point solution might feel natural; but as a substitute for a strategy, it leads to a patchwork of solutions from multiple vendors, which ultimately only adds complexity without improving security. Granted, agencies are hampered by various factors when they try to implement advanced technologies. Money and resource shortages are two big ones. The top five hurdles to adopting advanced cybersecurity technologies that Sector respondents named are: Budget (46 percent) Current workload too heavy for new projects (29 percent) Want to see them proven in the market before buying (27 percent) Organizational culture/attitudes about security (27 percent) Lack of trained personnel (27 percent) 4 2017 Cisco and/or its affiliates. All rights reserved.

Attackers find a bigger playing field Mobile devices, cloud infrastructure and user behavior are all high on the list of worries that security professionals cited in Cisco s third annual Security Capabilities Benchmark Study. The concerns are reasonable: more mobile devices mean more endpoints to protect. Cloud computing extends the security perimeter. Users are perennially hard to predict and/or train to avoid risky behavior. Federal agencies are carrying out mission-critical activities over their networks, safeguarding sensitive and secret information, and conducting operations that concern the safety and welfare of the nation; keeping those networks safe is their top concern. But as Federal agencies and other Sector organizations embrace digitization and, in the near future, the Internet of Things, the potential attack surface will grow ever larger. Consider these findings from the most recent Cisco Visual Networking Index (VNI) report, titled The Zettabyte Era Trends and Analysis: Annual global IP traffic will reach 2.3 zettabytes per year by 2020. (A zettabyte is 1000 exabytes, or 1 billion terabytes.) That number represents a threefold increase in global IP traffic from 2015. Wireless and mobile devices will account for 66 percent of total IP traffic by 2020. From 2015 to 2020, average broadband speeds will nearly double. Meanwhile, three of the most commonly used exploit kits Angler, Nuclear, and Neutrino have vanished, leaving the field wide open for new and less familiar tools to take their place. Indeed, new tools are already emerging to fill the gaps that are more sophisticated than their predecessors. In one sense, this is good news; companies like Cisco who offer powerful security measures from the network s core to its most remote edge, are making it harder for attackers to succeed, making their work more complex, harder and more expensive. However, that also means the arms race metaphor that has long characterized the continual evolution of safeguards and attacks is going to stay apt for quite some time to come. Of course, the threat landscape is far bigger than malware scripting kits. Attackers are targeting every possible vector with a wide swath of techniques and strategies, with motives ranging from espionage to simple theft. See the Cisco 2017 Annual Cybersecurity Report for a detailed assessment of the range of threats. 5 2017 Cisco and/or its affiliates. All rights reserved.

Execution: The key to effective cybersecurity With the attention brought by recent high-profile data breaches in Federal agencies, leaders in all organizations are feeling a new sense of urgency. Most respondents from organizations, whether - or Sector, believe their senior leaders have a good grasp on cyber threats, with the private sector showing a slight edge. The vast majority of respondents agree or strongly agree that their senior leadership teams consider security to be a high priority (98 percent Sector, 93 percent Sector), and have established clear metrics to evaluate the effectiveness of cybersecurity programs (97 percent to 95 percent). Opinions of executive leadership Percent of organizations 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 60 51 66 61 42 39 32 32 41 39 36 Cyber risk assessments are routinely incorporated into our overall risk assessment process Executive leadership at my organization considers security a high priority 56 56 61 54 My organization s executive team has established clear metrics for assessing the effectiveness of our security program 39 Security roles and responsibilities are clarified within my organization s executive team Strongly agree Somewhat agree Somewhat disagree Strongly disagree Considering only the strongly agree responses, both sectors slightly edge out the global result of 59 percent on the question of whether executive leadership considers security a priority. security professionals also trust their tools. Globally, more than two-thirds of security professionals perceive their security tools as very effective or extremely effective. For example, 74 percent believe their tools are very or extremely effective in blocking known security threats, while 71 percent believe their tools are effective at detecting network anomalies and dynamically defending against shifts in adaptive threats. The Sector boasts even more confidence, while the Sector lags slightly. Eighty percent of Sector organizations believe their tools are effective or extremely effective at blocking known threats, while only 66 percent of Sector organizations do. On the question of detecting network anomalies, those numbers are 77 percent and 69 percent, respectively. Working hand-in-hand with leadership and cybersecurity tools, policies set the rules for access, use and protection of IT and networks. Again, the majority of respondents are confident their organizations have set the appropriate policies. 6 2017 Cisco and/or its affiliates. All rights reserved.

Access control, protection of computer facilities and inventorying of information assets are all part of security policy setting, and in all of those categories and more, almost all respondents in organizations strongly or somewhat agree their policies are good. Even the insider threat, which has been recognized as a serious worry for only the past few years, is addressed in human resources policies (such as pre-hire vetting), and in processes for handling employee transfers and departures (to control that employee s access to systems once his or her status changes to one where such access is no longer appropriate). Opinion of security policies Percent of organizations 100% 90% 80% 70% 63 58 62 59 56 46 60 63 50 44 60% 50% 40% 30% 20% 35 39 36 39 42 42 37 31 46 47 Strongly agree Somewhat agree 10% 0% Somewhat disagree Strongly disagree Access rights to networks, systems, applications, functions and data are appropriately controlled Computer facilities within my organization are well protected Information assets are inventoried and clearly classified Technical security controls in systems and networks are well managed We do an excellent job of managing human resources security However, while leadership prioritization, strong policies and confidence in the tools are important pieces of the puzzle, they do not in and of themselves guarantee effective security. The master key is execution. No plan can be good enough to overcome poor execution. No policy can be great enough to matter if the organization ignores it in practice. From policy to effective cyber Think about it this way: Just what is it that makes cybersecurity programs effective? How would an architecture approach make the difference? A security architecture shapes an ongoing cybersecurity plan, one which can evolve and adapt as the threat landscape changes, without compromising the larger strategic goal of simplifying and automating security processes to ensure capable execution of policies. 7 2017 Cisco and/or its affiliates. All rights reserved.

It also simplifies the metrics that you need to chart in order to gauge the effectiveness of your architecture, spot capability gaps and improve performance. You need to pay attention to two sets of metrics. Operational Incident Metrics show how effective your cybersecurity plan actually is. Time to detection of a breach, and time to remediation of the damage, are common operational metrics. You also should measure program metrics implementation of dual-factor authentication, for example, or progress on ongoing modernization projects. Which measures matter will vary from one organization to the next, but tracking them will ensure your execution remains sharp and efficient, and that lapses are found and fixed fast. Conclusion and recommendations Today s rapidly expanding attack surface demands an integrated approach to security. An analysis of data from Cisco s Security Capabilities Benchmark Study reveals patterns and decisions that help organizations minimize risk. Our analysis found several key drivers and several safeguards that characterize organizations with strong security. They are: Drivers Executive leadership: The top leadership must prioritize security. This is critical for the mitigation of attacks, as well as their prevention. The executive team should also have clear and established metrics for assessing the effectiveness of a security program. Policy: Controlling access rights to networks, systems, applications, functions, and data will affect the ability to mitigate damage from security breaches. In addition, policies to ensure a regular review of security practices will help prevent attacks. Protocols: The right protocols can help prevent and detect breaches, but they also have a strong relationship to mitigation. In particular, regular reviews of connection activity on networks, to ensure that security measures are working, are key to both prevention and mitigation. It s also beneficial to review and improve security practices regularly, formally, and strategically over time. Tools: The judicious and appropriate application of tools has the strongest relationship with mitigation. With tools in place, users can review and provide feedback that is vital to detection and prevention as well as mitigation. Safeguards Prevention: To minimize the impact of security breaches, employees must report security failures and problems. It s also crucial for security processes and procedures to be clear and well understood. Detection: The best detection methods for minimizing the impact of breaches are those that allow organizations to spot security weaknesses before they become full-blown incidents. To accomplish this, it s vital to have a good system for categorizing incident-related information. Mitigation: Well-documented processes and procedures for incident response and tracking are key to effective breach mitigation. Organizations also need strong protocols to manage their response to crises. These drivers and safeguards are mutually interdependent. Security professionals must incorporate all of them in order to seriously attack cyber risk. Your key goal is to reduce the attack surface available to adversaries, and to quickly detect intruders in the network. It is not possible to stop every attack, but by closing the operational space in which the attackers work, you can make it nearly impossible for attackers to reach critical systems and data undetected. Learn More cisco.com/c/en/us/solutions/industries/government/ defense-cybersecurity.html Americas Headquarters Cisco Systems, Inc. San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback