Many Federal agencies struggle with whittling down their cybersecurity priorities. Meeting with individual organizations within an agency to gauge their priorities is a solution that can be transferred from the private sector to the Federal world, according to Rocky DeStefano, cybersecurity subject matter expert at Cloudera.
“What I see in the private sector that works really well is organizations prioritizing those use cases they want to go after. You learn very quickly it’s not overly complex things. It’s not always malware that matters to these businesses. In fact, some of these businesses will take an acceptable level of malware across the organization,” DeStefano said Tuesday at MeriTalk’s Cyber Security Brainstorm in Washington, D.C.
“There are things that you can do holistically that will benefit the organization in terms of its action. What really is most effective is understanding those use cases from A to Z.”
DeStefano said that agencies should ensure their employees are motivated to help when a cyberattack occurs. He used the example of a certain organization that refused to respond to a cyberattack because it would affect their bonuses. In assessing teams at an individual level, cyber professionals can learn how to best incentivize the people working for them, according to DeStefano.
Converging data to one place, where it can be stored, processed, and analyzed, is another important part of cybersecurity, according to David Rubal, group vice president of the North America Public Sector Cloud and Infrastructure Solutions Sales Engineering at Oracle. Although transferring data to one large data lake can be beneficial, DeStefano stressed that the vast amount of information must be governed properly.
Rubal said that Federal agencies will experience a “look in the mirror” moment when they realize big data management is key to best cyber practices. He said that a fundamental question is whether an agency’s culture is data-centered with a focus on analytics.
“The shift to a data-driven culture is key,” Rubal said. “Big data, small data, streaming data, unstructured data—if they’re not coming at you now at the agency level, they’re coming soon. All of these different types of sources are going to challenge your traditional thinking when it comes to data management.”
Also from the Brainstorm:
Cybersecurity Initiatives Will Continue to Next Administration
Fix FedRAMP or Congress Will, Connolly Tells GSA
Commerce CISO Says Playing Defense is Essential
DISA is Moving to Commercial Cloud