One of the most pressing challenges that government entities and the public sector now face is how to secure existing legacy IT systems without the budgetary, labor or infrastructure resources required to upgrade them. Long cycles for modernization initiatives along with the difficulty of talent acquisition and retention are made even more complicated due to recent impacts of COVID-19 and remote work.
Even when new staff and new technology are included in the roadmap, the transition time is inevitably longer than the window of risk exposure an organization can afford. One solution is to build resilience into existing infrastructure. The concept of cyber resiliency is an evolving one, but in essence the intention is to fortify critical structures so that they can operate continuously and without disruption, even when under attack. Effective cyber resiliency ensures data protection as well as operational and business continuity – going beyond traditional cybersecurity defense to build a more adaptive, proactive, and embedded security stance.
Competing IT Concerns Impacting Government Cybersecurity
Worldwide government IT spending is forecast to total $438 billion in 2020, a decrease of 0.6 percent from 2019, according to the latest forecast by Gartner published this month. While this drop does not seem significant at first glance, it provides additional context to the cybersecurity talent shortage in government and the public sector. Given this, one of the biggest issues currently facing government IT managers is how to harden existing legacy systems without the budgetary resources needed to upgrade them or the labor resources to support them.
Piling on more traditional tools that add even more alerts for overworked analysts to sort through and prioritize is not the answer. We know that the overwhelming haystack of alerts, with little guidance on how to prioritize, can be a thankless chase and even a morale problem.
In the new paradigm:
- Attacks are detected and blocked automatically at run time – with the solution serving as an immediate patch and compensating control, regardless of whether the vulnerability was previously known or unknown.
- Rich contextual incident response data, indicating what, when and how the attacker attempted to compromise the system, is provided immediately.
- The system fights through the threat: cyber resiliency measures immediately detect and block a threat actor without impairing system functionality.
This is game-changing for SecOps leaders and front-line practitioners alike. Staff are immediately armed with the digital forensic response data that enables them to contribute at a higher task level, while a protective bridge to patch deployment overcomes the long lead times, limited resources and noncompliance that leave the perennial gap in traditional patching. The ability to protect legacy code and to work in air-gapped environments without code modification, external analytics or signature feeds is an added bonus.
This is why many organizations are instead prioritizing a form of cyber resilience that brings the above capabilities into their IT applications.
Building Cyber Resiliency Into Your Organization Amid an Evolving Threat Landscape
The definition of cyber resiliency matters. As advanced threats and attacks continue to bypass traditional layers of security that focus on guarding the perimeter, organizations need protection that operates at runtime speed and covers the exposed areas that thought leaders at Gartner, NIST and MITRE recognize as a point of convergence for modern-day threat vectors.
Runtime protection is a critical aspect of cyber resilience because today’s most damaging and fastest-growing attacks use fileless and memory-based techniques, bypassing conventional perimeter security and exploiting application vulnerabilities largely undetected until it’s too late.
Furthermore, if organizations ensure that systems can defend themselves against advanced attacks in these areas, then the risks involved in a transition to an off-disk, off-prem, or hybrid cloud model are also greatly reduced. The disappearance of the traditional network perimeter and the disaggregation of networks and applications make this a mandatory capability, according to Gartner’s 2019 cloud workload protection survey. While runtime memory protection is essential for all market sectors seeking to reduce risk in this transition, it is particularly important for the public sector, where so many missions are tied to high-value data sets and safety-of-life-critical systems.
Organizations that take first steps to build in cyber resiliency, such as continuously securing their legacy applications with self-patching, automated compensating controls and deeper visibility, will gain the flexibility to transition to new environments and upgrade in a low-risk, manageable fashion throughout their IT modernization journey.