Government Agencies and Cyber Hygiene
Research and statistics have shown that federal agencies have been and remain incredibly vulnerable to cyberattacks. This isn’t exactly breaking news and in fact, the number of cyber incidents reported by federal agencies grew more than 1,300% between 2006 and 2015, according to a June 25 article in the Columbus Dispatch. That’s a stunning increase, and by all appearances this issue has not gone away.
The article is based on a new report from the Senate Permanent Subcommittee on Investigations, which found that the Department of Homeland Security is among eight agencies that have failed to address vulnerabilities in their IT infrastructure, “leaving them susceptible to cyberattack and Americans’ personal information vulnerable to theft.” The story goes on to say that, even though Congress asked each agency to annually audit compliance with basic cybersecurity standards, most agencies are failing to comply with “even the most basic standards, including properly protecting personally identifiable information.”
“Despite all of the work being done to establish better situational awareness, agencies are still lacking certain basic elements required for effective cyber hygiene. And, as cyberattacks continue to increase in severity and occurrence, agencies must take the appropriate steps to manage and mitigate the risks associated with the fastest-growing crime of our time.”
-Columbus Dispatch
This really underscores the seriousness of cyber hygiene, which involves taking steps to improve online security.
The report from the Senate Permanent Subcommittee on Investigations does make recommendations aimed at securing government IT systems, such as urging federal agencies to consolidate security processes and capabilities. They also recommend empowering chief information officers to make organization-wide decisions regarding cybersecurity.
5 Cyber hygiene tips for Agencies according to GCN
To analyze and improve cyber hygiene, agencies should consider the following five tips from GCN, an organization that delivers technology assessments, recommendations and case studies to support public sector IT managers.
1. Be cognizant of all the assets and end points on the network. Before maintaining and securing critical IT infrastructure, you must be familiar with the ins and outs of the network.
Heureka plays a vital role in IT by helping create full data maps and inventory of systems including desktops, laptops and file shares. System inventory including all executable software can easily be created.
2. Use the full suite of resources. Most organizations, according to GCN, use only about 20% of their capabilities because of the inability or unwillingness to adopt new applications.
3. Have metrics in place to fully understand data. Organizations must find out what they have—less than 1% of unstructured data is analyzed, according to GCN—and define the metrics that matter in order to mitigate cybersecurity risks.
Heureka’s core strength is to provide deep understanding around unstructured data. Agencies and corporations share in their struggle to understand unstructured data which severely limits the ability to separate useful data from ROT (redundant, obsolete, trivial).
4. Automate! Human error can be reduced by using artificial intelligence and machine learning. It also can bring cohesiveness and consistency to responses, harmonize cybersecurity data for real-time solutions and allow IT staff to handle more complex tasks.
Heureka automates the process of risk intelligence by automatically classifying PII risk on a daily basis and tracking risk across time. Scheduled tasks free IT staff members from having to proactively run searches in order to perform file remediation.
5. Deploy real-time dashboards that configure real-time data. This can help agencies keep track of metrics and automated processes to drive efficiency and improve decision-making.
Heureka’s Intelligence Platform provides multiple at-a-glance dashboards including displays of the riskiest endpoints, 30-day risk trend, type of risk and endpoint overview of classification tagging. When inventory reports or searches are run, Heureka creates extension categories for rapid intelligence on the data returned.
Finally, Heureka reports to pre-built Tableau workbooks to help users further understand the make-up of their data as well as the ability to apply dollar figures to risk giving users actionable intelligence.
Taking Action With Cyber Hygiene
IT investments will continue to be wasted if agencies and organizations do not take a holistic approach to cybersecurity by first identifying data before tagging or classifying it, and then remediating (moving it offline, quarantining or deleting outright).
Heureka was developed to specifically address the growing need to gain control of and insight into critical, unstructured data that is both a value and a risk, and to improve upon the economics of a resource-intensive process to manage that data.
With data growing by an incredible 63% per year, data hygiene and cleanup should not be considered a one-time event.
Schedule your demo now for more information.