At every level of a private enterprise, IT managers worry about potential cyberattacks and the havoc they could wreak on the business. For public sector professionals, there’s an added pressure: they’re not only concerned about keeping things running smoothly, but also securing highly sensitive citizen and government information.
Marlin McFate focuses on the public sector as public sector CTO at San Francisco-based Riverbed Technology. He spoke with StrategicCIO360 about the lessons from his position that apply to all companies, how to update your approach to cybersecurity and why it’s important to “be suspicious of everything.”
What lessons can be learned from reliance on a largely remote workforce during the past couple of years to improve network performance, especially in the public sector?
When we look at the workforce prior to the pandemic, it was an unspoken belief among some that if you can’t see your employees, you can’t ensure they’re completing their tasks. However, through a forced exodus of employees from offices to remote work, we’ve learned that not only are people completing tasks and assignments, but there’s been a significant improvement in their productivity. This is in part because the private and public sectors had already been in the process of moving to the cloud and SaaS prior to the pandemic, which then greatly accelerated progress and increased the viability of remote work.
While this transition to the cloud and SaaS helped facilitate remote work opportunities, the increase in distributed users and endpoints created more vulnerabilities for attackers to exploit and steal data. With government workers positioned to work outside of secure offices for the first time ever, it was critical that networks were monitored and that managers had full visibility of them to proactively prevent phishing and cyberattacks. Now, as government offices are reopening and some workers are returning to secure facilities while others remain remote, having complete observability of the network is just as important today.
When it comes to updating their enterprise’s current security posture, where should CIOs look first?
We must admit to ourselves that adversaries have the upper hand. They’re operating in the shadows and, even when they may not be doing anything that is evident to security leaders, they’re practicing attacks and getting their hands on products and services we want to employ within our networks. Through practice, threat actors are figuring out how to circumvent these environments and stay hidden—this is the world’s biggest game of hide and seek.
The first thing IT managers should do is evaluate their blind spots. It doesn’t matter what architecture you have or what kind of methodology you’re using, you have blind spots. There must be some sort of unified observability premise set in place to identify and investigate these areas thoroughly.
The second step is to get humans involved. Don’t rely solely on automated detection. Leaders must remember that the “good guys” are often behind the ball compared to the cyberattackers. Bad actors can get their hands on products and figure out how to infiltrate them and how to work around artificial intelligence tools.
Finally, be suspicious of everything. Build a foundation of network observability within your infrastructure and hire and train people who are good at threat hunting. Individuals in your organization should be actively threat hunting and looking for advanced persistent threats. The threats that infiltrate your system may only be the 1 percent that gets past traditional defenses, but that 1 percent often represents the nastiest and most dangerous threats.
What unique challenges does the public sector face when it comes to optimizing its IT networks?
There’s a cultural component that needs to be addressed when you talk about modernization and digital transformation. In the public sector, there must be a mental shift away from thinking about what the system components are and toward what capabilities are needed and what teams are measured on.
Siloed sectors within an IT department highlight this need for a cultural shift. Though everyone in the public sector recognizes and understands that siloed organizations are less efficient and detrimental to progress, traditional ways and past experiences cause a lot of organizations to get stuck in this mindset, and they do not know how to break free. Often, these silos within the organization are working toward the same goal and pulling the same data. To streamline processes and optimize time, there needs to be an organizational switch to break these silos down and have network, application and security employees playing from the same sheet of music.
What factors might CIOs not be taking into consideration, but should, to successfully implement new cybersecurity requirements and mandates?
Something that gets lost is understanding and being able to quantify where you’re starting from before making changes to reach your security goals. Knowing your company’s starting point is vital to measuring success and identifying whether the changes and updates you implement are helping or hurting performance in the long run.
Similarly, without knowing what your vulnerabilities are, you can’t claim to be more secure after implementing a cybersecurity solution or tool. That’s why having observability tools is so useful—you can see the whole system and know the details of every packet, flow and user. Observability gives you the best starting point to implement new processes into your network and see if the tool is helping or hurting your security.
This coincides with the zero trust architecture mandates and policies that have been announced. If your goal is to begin the process of implementing these practices into your network, you need to know where you’re starting from. This refers to both what’s happening in your networks and what training your personnel have or need to be successful. Otherwise, these tools are just an extra step in the process that may hinder you from protecting your data from intruders in the future.