With recent large-scale cyberattacks causing data breaches and other problems for government agencies and private sector businesses, protecting networks against bad actors has never been more critical.
However, according to a recent survey, 83 percent of government cybersecurity officials believe their agency runs on a “assume breach” approach, which means they anticipate their systems will be hacked. Even more concerning, 50% believe that a “Cyber 9/11” will occur within the next ten years.
With creative technology developments and the trend to zero-trust architectures, which gained traction after President Joe Biden’s executive order on May 12, cybersecurity procedures have developed fast in recent years. However, 61 percent of technology officials believe their organisations are prioritising cyber resources focused on detection, containment, and repair under the “assume breach” approach. Only 39% said they are concerned about data breaches.
It’s time to reorganise your priorities.
When hackers are stopped before they can access sensitive data and systems—when a breach is avoided rather than mitigated—a more secure government emerges. The majority of IT executives agree: 88 percent believe that breach prevention should be the top priority for government cyber leaders.
The concept of zero vulnerability underpins breach prevention, which necessitates high-assurance design and implementation. Most network access devices can be developed using zero-vulnerability technologies and approaches to avoid security breaches. By putting the protection on the device itself, these solutions help reduce the human aspect that leads to catastrophic breaches.
The technology is already in place. Avionics and safety-critical devices such as commercial and military aviation operating systems, as well as medical devices, are designed with zero vulnerability tools and high assurance procedures in mind, which saves lives.
The problem is persuading government officials to change their opinions. Despite the fact that zero trust principles and high assurance procedures have been around for a long time, many organisations have just lately implemented them. According to research, just 41% of IT teams have established a plan to apply zero trust architecture principles. Incorporating zero vulnerabilities in parallel may appear impossible, putting the goal of breach prevention out of reach in the foreseeable future.
91 percent of IT executives, on the other hand, said they want to see their company change to breach prevention in the next three years.
Starting with budget allocations is a smart idea. According to the findings, cybersecurity spending is presently prioritised for data, platform security, networking, and infrastructure, while hardware and supply chain security receive a smaller share of the pie. However, the percentages aren’t far off:
- Data: 47%
- Platform Security: 47%
- Networking: 40%
- Infrastructure (including cloud): 38%
- Hardware: 34%
- Software Development: 33%
- Supply Chain Security (software): 31%
- Supply Chain Security (hardware): 30%
When it’s time to issue a new device, replace it with one equipped with zero vulnerability protection, according to the agency’s refresh cycle. According to the research, this concept has a chance of acquiring traction: Hardened endpoint devices outside of the security perimeter are a crucial aspect of breach prevention, according to 89 percent of technology leaders.
Other important considerations, according to leaders, for breach prevention are:
- Centralized access to cybersecurity data and analytics: 91%
- Improved vulnerability management: 90%
- Fundamental top-down culture change prioritizing prevention: 89%
Hackers will always have a soft spot for government institutions. Assuming that hackers will get access leads to teams playing a never-ending game of “capture the hacker.” Changing mindsets to prioritize cybersecurity prevention will result in significant progress in securing federal data, systems, and missions.