A Year to Focus on 3 Crucial Cybersecurity Issues – Governing
Every year around this time, some of those immersed in the world of cybersecurity begin making predictions about what their landscape will look like in the new year. I’ve participated in a few of these exercises over the years but always felt they were a bit disingenuous because making predictions like this is a bit like black magic. It’s either very easy — “there will be more hacks by foreign actors next year” — or a quixotic shot in the dark, such as, “destructive new ransomware will bring global finance to its knees.” It’s always fun to go back 12 months later and see how many people were truly prescient, how many were just lucky and how many prognostications were simply absurd.
But instead of engaging in end-of-year cyber voodoo, I thought it would be more productive to focus on a few important things state and local governments could do in the coming year that would make their security programs better, and therefore their citizens more secure. These are all big, hairy and audacious goals (BHAG), but with some dedicated focus and purposeful strategic ambition, December 2022 could find state and local government organizations in a healthier security posture.
A top priority, as always, is finding the money to fund robust defenses. “The increasing escalation of cyber-attacks on state and local government organizations, and higher expectations of digital access by the public, necessitates an operational strategy that makes infrastructure refreshes and training a required component of base budgets. Cybersecurity performance is both people and technology,” said Henry Sobanet, former director of the Colorado Office of State Planning and Budgeting and currently senior vice chancellor and chief financial officer at the Colorado State University System.
There are dozens of other important cybersecurity issues that could realistically be in the BHAG inventory, but I’ve chosen to focus on three: addressing the cybersecurity staffing and talent gap, developing a cyber supply chain response strategy, and taking measurable steps on the journey to zero trust.
Avoiding a Downward Staffing Spiral
In a global survey of cybersecurity professionals published last summer by the Information Systems Security Association and the industry analyst firm Enterprise Strategy Group, 59 percent of respondents said their organizations could be doing more to address the cybersecurity skills shortage, and 57 percent said a shortage of those skills has impacted their organizations. This data indicates that the passive approach to hiring and retaining cybersecurity staff is failing and requires an active response.
Rich Schleip is the chief technology officer at the …….
Source: https://www.governing.com/security/a-year-to-focus-on-3-crucial-cybersecurity-issues