Close public-private collaboration between the government and the private sector is helping to serve as a “force multiplier” in building cyber resilience, and has helped organizations to proactively respond to cyber threats, according to new research from RSA Conference and MeriTalk.
At Carahsoft’s Public Sector Day event at the RSA Conference in San Francisco on April 24, leaders from MeriTalk and RSA Conference presented the latest research findings. The survey – which gathered input from 100 Federal and 100 private sector cybersecurity decision makers – found that 90 percent of those view public-private partnerships as a “force multiplier” in cyber resilience.
Additionally, nearly half said that the value of shared intelligence has passed perhaps the most important test of all: 47 percent of the organizations have used the data to respond proactively to a cyber threat.
“I think the biggest thing is that we’re seeing partnerships become more prevalent and also more actionable,” said Joe Franco, director of programs at MeriTalk.
Despite the good news, Franco also pointed out that only 40 percent of cyber decision-makers find current partnerships very effective. Additionally, he said that about three-quarters of folks say that their organization underutilizes relationships for sharing and acting on intelligence.
So, how can the government and private sector improve that? Franco told attendees that they are in the right place, as the RSA Conference is “a great place to collaborate.”
“As the research shows, there are many different groups within the Federal government that the private sector looks to – CISA [Cybersecurity and Infrastructure Security Agency] comes out with the shining star,” said Britta Glade, vice president of content and curation at the RSA Conference. “There’s lots of great work that’s happened there. I think through the course of this week that you’ll see from that leading organization.”
“RSA Conference, certainly in our theme – where the world talks security – we’re all about bringing people together to have these conversations,” Glade added.
While the majority of respondents – 60 percent – said CISA was the Federal government agency that provides the most actionable and trusted intelligence, they also voiced support for the FBI – 18 percent – as well as the National Security Agency (NSA) – 15 percent.
Another key finding revealed that large organizations are nearly three times as likely as small organizations to find these partnerships as very effective (31 percent to 11 percent). They were also significantly more likely to report cyber incidents to Federal agencies or field offices – 91 percent to 43 percent.
Glade noted that this was an “active working hypothesis going into the research,” but said that RSA Conference is working to close this gap and build trust in intelligence. For example, she said the Cyber Readiness Institute (CRI) is at the RSA Conference holding closed-door meetings with leaders of the Small Business Advisory Council.
“When you pick up the phone and you have a problem, you want to make sure someone will answer that call or help you find the right person – and the only way to do that is to build the collaboration over time,” said Nicole Burdette, principal at MeriTalk.
“So, when we talk about collaboration, it’s succeeding or failing together. It’s stronger together, which is the theme of all of us this week,” Burdette added. “It’s public and private sector, but then within your own organizations, it’s also IT and leadership and employees.”
Check out all of the findings and recommendations by downloading the complete research report.