Today marks the start of National Cyber Security Awareness Month and the fifth anniversary of the Stop.Think.Connect campaign, the federal government’s initiative to educate Americans on how to be safer online.
To demonstrate the gravity of our current cyber security landscape, simply start asking around. Not only are our national security and economy threatened, but also our neighbors, our friends, our family and ourselves. In the past year alone, we’ve seen cyber attacks on some of the largest and most trusted companies and government organizations that hold our sensitive information. The federal government in particular faces significant challenges when it comes to cyber security, including inadequate funding, a shortage of skilled workers and legacy technology, all of which can prohibit agencies from moving at the speed and scale necessary to detect and stop a cyber attacker in real time. Cyber security truly is a shared responsibility, and the private sector has a critical role to play in helping the government protect its employees’ data and the data of its customers — the American people.
That is why Tanium works closely with a variety of agencies across the government, from civilian to intelligence. Tanium recently provided recommendations to the American Council for Technology and Industry Advisory Council (ACT-IAC) on how the federal government can improve its cyber security posture. By applying these recommendations, government agencies will be better protected and, therefore, better able to protect the public. Here are a few of the recommendations we provided:
- Address Basic Cyber Hygiene
Recent statistics illustrate that organizations at every level remain highly vulnerable to cyber attacks and are struggling to implement even basic protections. IT officials must work effectively with both security and IT operations teams to shrink an organization’s attack surface, which means issuing critical patches rapidly throughout the entire network infrastructure as needed, as well as enforcing ongoing security hygiene at scale to ensure the status of every connected device is known and available at all times.
- Adopt Flexible, Fast, Scalable Solutions
During the course of day-to-day business, certain risks must be accepted in order to ensure productivity and operational continuity. These risks are sometimes obvious but can be very difficult to identify and track in order to monitor and remediate accordingly. Organizations need to adopt technologies that can produce a complete inventory and audit of every globally distributed IT asset at any scale and within seconds. Platforms also need to be flexible to adapt to changes as methods, approaches, technologies and behavior evolve over time.
- Accelerate Incident Detection and Response Time
Legacy tools are generally incapable of providing accurate visibility and control across the environment at speeds faster than those at which malware can propagate and adapt. In order to effectively accelerate incident detection to response times, solutions must be able to provide accurate and complete data — both current and historical — in seconds. Information that is hours, days or even weeks old is simply worthless in this struggle against time.
- Assure Visibility, Control and Compliance
Organizations need solutions that provide the ability to rapidly detect unmanaged assets joining their network so that they can swiftly investigate the assets’ origin and take the necessary action as quickly as possible. Technology platforms also need to provide the necessary level of control to quickly enforce compliance and consistency across every new system coming under management. This will help ensure violations are quickly corrected so that there is no lapse in an agency’s IT security posture.
In the face of constantly evolving, 21st century global cyber security threats, federal agencies need a fundamentally new approach to cyber security. Recognizing the importance of cyber security awareness this month is important, and we will continue working with our public sector partners throughout the year to protect Americans from cyber attacks.