Widespread breaches by hostile actors, the rising number of remote employees and bring-your-own-device (BYOD), the
growth of software as a service (SaaS), and cloud migration have rendered perimeter-based security obsolete. The Zero
Trust approach to cybersecurity — now mandated by a Presidential Executive Order — is growing rapidly in the public
sector. Zero Trust shifts security away from the perimeter, and closer to an organization’s most valuable assets.

[…]

IT and security teams have certainly risen to the occasion to keep organizations and their employees productive through one of the wildest years in history. Humans are resilient creatures, and those in the technology world certainly did not disappoint. But as the world begins to recover from it all, technology has evolved with some notable changes, requiring organizations to rethink many of their operational fundamentals.

[…]

Prior to the COVID-19 pandemic, about 80 percent of Federal agencies were using more than one cloud platform, and 85 percent said the pandemic amplified the importance of moving to a hybrid cloud environment in order to improve government
resiliency. The Biden administration’s May 2021 cybersecurity executive order further amplified the push for cloud computing, as the president called on agencies to accelerate their movement to secure cloud services.

[…]

Federal agency efforts to improve IT operations are graded each year via the FITARA Scorecard, which measures progress against the objectives laid out in the Federal Information Technology Acquisition Reform Act (FITARA), a comprehensive piece of legislation designed to create greater transparency and improve risk management in Federal IT.

[…]

From ransomware to malware to hackers trying to break through barriers inside and outside of the network, no industry is immune to bad actors finding ways around traditional cybersecurity, including the Federal government.

[…]

The Federal government and our economy run on data, so it must be available, trusted, and most of all secure. These three requirements are inextricably linked, and a string of high-profile and damaging cybersecurity events in the last year have made this fact crystal clear.

[…]

The safety and security of our critical infrastructure has never been more important than it is today. Adversaries have advanced capabilities and are constantly targeting these systems; consequently, investments in cyber security are expected to top $17 billion in 2021. Still, continued investments in new solutions will not realize their full potential unless foundational capabilities are in place.

[…]

The SolarWinds Orion breach sent powerful shockwaves through the public sector IT community already on heightened alert throughout the pandemic. The event was a powerful reminder of continued escalation of the threat landscape. It also, however, presents an ideal opportunity to rethink public sector cybersecurity strategies and accelerate the adoption of zero-trust architectures across the enterprise.

[…]

Once an agency establishes its vision for zero trust and begins to shift the collective mindset to “never trust, always verify,” a series of tactical steps can ease the zero trust journey by breaking it down into manageable, incremental components.

[…]

This guide lays out a practical approach in five phases for implementing Zero Trust for the Federal Workforce, which comprises
an agency’s users and their devices, and how they access applications.

[…]

Advanced, software supply chain attacks have a vast and rippling impact. By
injecting malicious code into an otherwise legitimate software update, bad
actors infected over 18,000 conscientious SolarWinds customers.

[…]

By mimicking the behavior of real-world attackers, the ATT&CK framework helps IT, information security and compliance organizations effectively assess risks, identify security gaps and eliminate vulnerabilities.

[…]

Empower your team with integrated automation to manage security vulnerabilities, servers, and network devices across your hybrid environment.

[…]

Faced with ever-evolving cyberattacks, federal agencies and other critical enterprises work tirelessly to provide secured applications and systems against sophisticated actors. Cyber-operators, however, are overwhelmed, and the scale and complexity of attacks make it impossible to investigate all identified incidents.

[…]

After several high-profile data breaches involving Federal agencies and an overnight acceleration into remote work, Federal IT leadership found themselves quickly rethinking their cybersecurity posture. But, lasting change can’t happen instantaneously. It is a
journey.

[…]

It’s time to adopt an “assume-breach” mindset to detect and isolate adversaries before they traverse your network and inflict serious damage. An assume-breach mindset means thinking like an attacker.

[…]

A look at why asset management – once a pure IT play – matters for cybersecurity, and how federal IT and security teams can both benefit from cybersecurity asset management.

[…]

The February 2021 hack of a water treatment plant in Oldsmar, Fla. – likely via a shared application – could have resulted in the poisoning of thousands of people, absent the observational skills of a supervisor who witnessed unusual network activity.

[…]

At the end of 2019, I came to two realizations… The first: There has never been a better time to be a cybercriminal. The second: Only teams of defenders that are focused on proactively disrupting adversaries will win. In the months that followed, both theories have proven to be correct.

[…]

Despite the incredible technologies available in cybersecurity today, security teams still struggle to get accurate answers to asset-related questions. While the tools we use can give us individual pieces of the asset puzzle, information lives in many different silos – this makes it difficult to ask simple questions that span the many data sources.

[…]

1 2 3