March 9, 2017 By Douglas Bonderud 2 min read

The recent U.S. election was fraught with divisive rhetoric and rapidly changing priorities, but it also placed a new focus on cybersecurity as both parties took a hard line against digital threats.

As Infosecurity Magazine noted, however, cybersecurity issues that plagued both sides and may have impacted the election itself left security professionals reeling: Now, just 17 percent say they’re confident in the government’s ability to protect itself from cyberattacks, according to a recent Tripwire survey of RSA attendees.

It dovetails with a spike in overall IT security concerns, with 80 percent of respondents saying they’re more worried about current cybersecurity than in 2016. How do organizations cultivate confidence in a post-election world?

The Trickle-Down Effect for Cybersecurity Issues

Concerns about outside agency hacking and internal security issues have also impacted how companies see their own security infrastructure. While 60 percent said they “were confident in their organization’s ability to enforce foundational security controls,” almost the same number pointed to worries about intellectual property theft, the survey found. Another 54 percent expressed concern about brand reputation and nearly half spoke about the risks of internal security failures if employees lacked sufficient tech skill.

Cybersecurity issues extend beyond U.S. borders. CSO Online stated the global cybersecurity index fell six points in 2016 to a score of 70 percent. A drop in the 2017 Risk Assessment Index is partially responsible for this overall loss: While companies remain confident in their ability to patch network vulnerabilities, they often struggle to discover these weaknesses before cybercriminals gain access.

The Government Lags Behind

It’s no surprise that issues with government security are causing headaches for security pros. Given the massive amount of data handled and stored by government agencies — everything from in-depth records of personally identifiable information (PII) to defense contracts and election results — seeing the government vulnerable suggests that any large enterprise is under similar threat. There’s some good news here: Since government agencies are typically among the last to adopt new productivity or security controls, many private-sector organizations are often out in front when it comes to protecting sensitive corporate, consumer and employee data.

Nonetheless, all companies are beholden to government data, systems and security to some extent. All businesses must file taxes with the IRS, and thanks to the rise of electronic personal health information (ePHI), more and more organizations are subject to HIPAA compliance requirements, audits and evaluations. Simply put? If government servers aren’t safe, it’s hard for private IT security experts to bolster C-suite confidence.

Security Self-Esteem

But there are ways to improve security self-esteem. Cloud-based solutions are a solid start, since niche providers can now deliver defenses that are at least on par with in-house alternatives. In addition, these adaptable and often real-time security controls are better equipped to handle a network environment no longer defined by a hard-and-fast digital perimeter.

Another way to boost cybersecurity self-confidence? Discovering key weaknesses with rigorous pen testing. While companies do their best to internally evaluate internet-facing applications and tools, it’s easy to overlook small vulnerabilities that can become big problems — the recent rash of IoT-based DDoS attacks is proof that even small opportunities can be effectively parlayed into big gains for cybercriminals. Partnering with the right penetration testing provider offers an unbiased view of current systems and lets IT pros address problems directly rather than waiting for compromise to inform change.

Bottom line? Ongoing U.S. cybersecurity issues have shorted companies on confidence. While it’s impossible to force corrective information security action on government agencies, organizations can bolster their own self-esteem by leveraging cloud-based tools for active detection and taking a hard look at potential paths of network compromise.
