Today’s cybersecurity landscape can be described as tumultuous at best. The last six months alone have shown just how frequent, devastating and far-reaching modern attacks can be. When compounded with what seems like an inescapable skills gap, cybersecurity professionals are constantly behind the curve. This rings especially true for the federal government and those working daily to keep our country’s information safe and nation-state hackers at bay.
The recent influx of funds and the requests to boost the Cybersecurity and Infrastructure Security Agency budget to better address the constant wave of cybersecurity issues may serve as a beacon of hope for some. However, federal spending increases don’t always equate to better solutions. As many chief information security officers and chief information officers can likely relate, a bigger budget has numerous benefits, but it doesn’t magically scale teams or thwart threats. In fact, according to McKinsey & Company research, there is no direct correlation between spending on cybersecurity and the overarching success of the program. Though the intention to improve our nation’s cyber defenses is warranted, increased budgets have produced little progress in the past. It’s time to leverage new resources, beyond just cash, to address these problems head-on.
An Industry Inflection Point
The U.S. has steadily deepened its pockets for cybersecurity priorities as nation-state attacks like SolarWinds exploit government agencies with ease and, even more recently, as ransomware attacks such as the one on Colonial Pipeline target critical infrastructure and private enterprises at a rapid pace.
The Biden administration recently distributed its cybersecurity executive order, which aims not only to protect federal agencies but also to secure private enterprises contracting with the government in any capacity. This development is a much-welcomed change and one that’s long overdue for the federal supply chain. The order also calls for increased standards for software development and for systematic investigations of successful breaches, and it emphasizes transparency and the reporting of potential attacks. These are all steps in the right direction, and a departure from the status quo, when defending against sophisticated cyberattacks.