Originally posted on http://www.vmware.com by Keith Nakasone
This year’s Cybersecurity Awareness Month carries a distinct message for everyone.
We’re experiencing a monumental shift from behind-the-scenes surveillance efforts to increasingly visible steps with more secure cloud services. If we do it right, we may finally help steer the world towards a safer future (both online and offline).
The costs of rapidly rising data breaches are hitting all-time highs, the White House recently imposed strict software requirements on U.S. federal agencies, and the ongoing war between Russia and Ukraine is keeping governments around the world on high alert.
Despite our increased awareness and best efforts to date, cyberattacks on city, state, and federal agencies skyrocketed last year, sending a clear signal for 2022 and beyond: This affects all of us.
Against that backdrop, it’s time for deeper discussions around actionable security measures throughout the public and private sectors. With countless organizations taking on large-scale digital transformations and cloud migrations, security needs to be the virtual bedrock of every new data management and communications platform, in addition to the growing number of other cloud-based tools. The architecture and infrastructure behind these systems should be tested over and over until error rates reach a concrete zero.
Government agencies and healthcare providers remain some of the most highly exposed institutions here in the States. Meanwhile, more than 80 percent of 550 organizations surveyed for IBM’s Cost of a Data Breach Report 2022 say they’ve experienced more than one infiltration. IBM cites an average cost of $4.5 million for every ransomware attack — not counting the cost of the ransom itself.
“This year’s campaign theme ‘See Yourself in Cyber’ demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people,” the Cybersecurity and Infrastructure Security Agency (CISA) notes on its website.
Public agencies possess troves of private information that make them prime targets for cybercriminals. These incidents can cause havoc and critical delays for citizens who rely on key government services, including healthcare, social security benefits, passports, and emergency management.
To stay ahead of the curve, government agencies will need to accelerate their adoption of modern technology frameworks such as zero-trust architecture, which enables them to dismantle outdated legacy systems at a faster rate. For the highest quality cloud solutions, we strongly recommend that agencies adopt a Development, Security, and Operations (DevSecOps) model, where security is embedded into the full lifecycle of all software products and services.
As a qualified specialist, VMware can help agency leaders access this framework and implement DevSecOps practices in a secure and time-sensitive manner. One of the first steps is to run a series of security checks and pre-commit hooks — think of them as test runs that can help a team automate manual tasks and increase productivity. Once that is done, software developers can register everything into a source code repository and additional security checks are performed on a regular basis.
Security is a team sport. In today’s world, there are too many surfaces to defend, not enough context on the biggest threats beyond malware, and too many tools and silos that can lead to endless blind spots. To put it simply, security needs to be built in from the ground up and delivered as a distributed service with all cloud solutions.
Agency leaders must also educate and upskill their employees on cyber hygiene and general best practices.
The ongoing shift to remote work and living around the world has accelerated these needs tenfold in a relatively short span of under three years. When any of us perform job duties or even shop from remote locations, be it at home or a local café, potential security threats increase as we access internal data systems from the outside.
At VMware, we are intently focused on building new multi-cloud strategies that fit the security needs of our time. Government agencies and their software vendors can no longer fly by the seat of their pants — nor should they want to. Given the Biden Administration’s recent mandate that third-party software providers follow strict guidelines from the National Institute of Standards and Technology in order to continue working with federal departments, among other initiatives, the bar is certainly rising.
The devastating SolarWinds hack of 2020 and countless other data breaches will always serve as a reminder that as secure as we may think we are, even some of the biggest names in the software business, like Microsoft, and some of the country’s leading defense agencies can still be blindsided.
It’s not just about the technology; we’re also grappling with ongoing supply chain disruptions and a widening security skills gap that present unique challenges in today’s climate. For every digital advancement, there’s a key human training component.
VMware is committed to meeting the cybersecurity needs of all of our customers. We encourage anyone who’s interested to visit CISA’s website and find out more about what you can do to stay engaged.