When the Modernizing Government Technology Act (MGT Act) was signed into law in 2017, its purpose was to provide agencies with funds they can apply to their IT modernization efforts, including those around cybersecurity. Agencies could apply for funding from the Technology Modernization Fund, which was designed to help them move on from legacy systems and invest in agile, transformative technologies.
As it turns out, the establishment of the MGT Act has proven even more visionary than anyone could have imagined.
Due to COVID-19, the need to modernize legacy cybersecurity systems and move to the cloud has greatly accelerated. The pandemic has also cracked open a door for insidious hackers to exploit vulnerabilities through a wide range of tactics, from ransomware to DDoS/DoS attacks and more. Indeed, earlier this year the U.S. Department of Homeland Security and the U.K.’s National Cyber Security Centre issued a stark warning of a rise in malware and ransomware.
Of course, security threats were on the rise long before COVID-19. According to a report issued by Verizon near the beginning stages of the pandemic, ransomware accounted for 61% of public sector malware-based incidents, with 33% of breaches caused by insiders. And, an early 2020 report by the Cybersecurity & Infrastructure Security Agency (CISA) notes “foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations.”
There is No Perimeter
But, COVID-19 has expanded the attack surface. Remote work is now the norm, and users are increasingly reliant on cloud-based applications. As more government employees work from home, capacity and security demands have overwhelmed systems and processes.
These factors pose challenges for IT security teams tasked with securing increasingly distributed networks and an array of potentially vulnerable applications. Whereas before they may have relied on traditional security solutions to defend their network perimeters, today there are essentially no perimeters.
As such, organizations should consider investing MGT Act funds in multiple forms of dynamic protection to ensure they are secure on different fronts. For example, monitoring privileged user access and implementing identity management protocols ensure that only the right people have access to a network and highly sensitive information. Meanwhile, application security tools offer protection against API vulnerabilities, injection, cross-site scripting attacks, and more.
Organizations must also ensure their security policies are consistent across multi- or hybrid cloud platforms, which can offer great flexibility and cost benefits but also introduce an enormous amount of complexity. Different cloud providers adhere to various policies—including shared responsibility models that establish that the customer is responsible for data security—and it can be challenging to get a clear picture of application security across multiple clouds. Automating security across on-premises and various cloud environments can ensure applications are subject to the same policies and remain secure regardless of where they are housed.
A Framework for Success
As agencies consider investing their available funds into new cybersecurity technologies, they should also begin building cybersecurity frameworks to help them put those technologies to use. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is an ideal starting point.
The NIST Cybersecurity Framework helps agencies establish better risk management practices by taking a holistic lifecycle approach to risk management. Using the guidelines set forth by NIST, agencies continually assess and mitigate risk through five core functions: identify, protect, detect, respond, and recover. The aforementioned technologies fit neatly into all of these categories, as they provide visibility into potential vulnerabilities and ways to remediate in the event of a breach.
The NIST Cybersecurity Framework is a useful tool because it gives organizations a standardized structure through which they can create highly adaptive security programs. It offers flexibility so organizations can customize it to meet their own unique needs while providing a common blueprint for managing risk and addressing vulnerabilities. Organizations can incorporate their own security policies into the Framework while taking advantage of NIST’s recommended standards and best practices.
Don’t Pay the Price
According to a recent Ponemon report, the average cost of a data breach is an eye-watering $3.86 million. That’s staggering, particularly considering that many organizations—government agencies included—are now being asked to do more with less as budgets continue to constrict in light of the pandemic.
Clearly, agencies cannot afford to let their guard down, both literally and figuratively. Now is the time to invest some of the money that is available through the MGT Act in modern, automated cybersecurity solutions that will protect against evolving threats, saving both data and potentially millions of dollars. Learn more about how F5 solutions help federal agencies secure their networks, reduce costs, and succeed in their missions.
By Michael Coleman, Federal Solution Engineering Leader at F5
About the Author
Related Blog Posts
F5 accelerates and secures AI inference at scale with NVIDIA Cloud Partner reference architecture
F5’s inclusion within the NVIDIA Cloud Partner (NCP) reference architecture enables secure, high-performance AI infrastructure that scales efficiently to support advanced AI workloads.
F5 Silverline Mitigates Record-Breaking DDoS Attacks
Malicious attacks are increasing in scale and complexity, threatening to overwhelm and breach the internal resources of businesses globally. Often, these attacks combine high-volume traffic with stealthy, low-and-slow, application-targeted attack techniques, powered by either automated botnets or human-driven tools.
F5 Silverline: Our Data Centers are your Data Centers
Customers count on F5 Silverline Managed Security Services to secure their digital assets, and in order for us to deliver a highly dependable service at global scale we host our infrastructure in the most reliable and well-connected locations in the world. And when F5 needs reliable and well-connected locations, we turn to Equinix, a leading provider of digital infrastructure.
Volterra and the Power of the Distributed Cloud (Video)
How can organizations fully harness the power of multi-cloud and edge computing? VPs Mark Weiner and James Feger join the DevCentral team for a video discussion on how F5 and Volterra can help.
Phishing Attacks Soar 220% During COVID-19 Peak as Cybercriminal Opportunism Intensifies
David Warburton, author of the F5 Labs 2020 Phishing and Fraud Report, describes how fraudsters are adapting to the pandemic and maps out the trends ahead in this video, with summary comments.
The Internet of (Increasingly Scary) Things
There is a lot of FUD (Fear, Uncertainty, and Doubt) that gets attached to any emerging technology trend, particularly when it involves vast legions of consumers eager to participate. And while it’s easy enough to shrug off the paranoia that bots...