"If you look at cybersecurity both on the offensive and defensive side, we’re seeing additional requests for funding, but the money has to come from somewhere," Moyle said.
This should sound alarm bells in light of a recent Enterprise Strategies Group survey that finds three out of four U.S.-based companies anticipate being hit by a cyberattack of some sort for the second or third time.
Meanwhile, of cybersecurity initiatives that rank high with government IT managers, continuous monitoring stands out, says Moyle, who noted other top priorities including upgrading standard defenses and improving the security of agency-issued mobile devices. But the trouble is much of it is being done without rhyme or reason.
"You need to do [continuous monitoring] in a way that ties it back to the risk that your agency faces," he explains. "That might be a little bit different from what folks are doing on the ground. The folks that are implementing these continuous monitoring programs are either just 'checking the box' because they have to, or they’re looking at what they can get access to from a data standpoint. But they’re collecting those metrics because they can and not because they’re actually meaningful for their program."
When asked to rate their level of readiness to defend against new and emerging threats, survey respondents cited social media (28% are completely or somewhat unprepared) and unsecured mobile devices (18% are completely or somewhat unprepared) as prime concerns. The concern about social media might be expected, given the current Wild West nature of the technology and its use, but it struck Moyle as odd that concern about mobile devices ranked as high as it did.
"I thought mobile and bring your own device [BYOD] would be less of an issue within the federal space since culturally that particular sector is more in the model of using resources provisioned for you by the folks whose job it is to secure the technology," he says. "I was surprised to learn that’s not the case. The consumerization [of IT] that’s happening in the rest of the industry is happening in the federal space, too."
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
