Agencies report challenges with threat intelligence and detection
Sixty-three percent of public sector respondents said they struggled to leverage data to detect and prevent threats, compared to 49% of private sector respondents. The public sector was also more likely to struggle to mitigate cybersecurity events (66% of public respondents vs. 56% of private sector respondents).
Public sector respondents cite several reasons for these shortcomings, including skill gaps, lack of resources, and lack of visibility into the threat landscape.
Research shows that the biggest barrier to public sector cybersecurity priorities and mandates is budget. Nearly 80% of his public sector respondents said the budget is hindering their ability to address these areas. His 2023 comprehensive spending package, recently signed by President Joe Biden, provides significant funding for cybersecurity, including his $1.3 billion into the Cybersecurity and Infrastructure Security Agency’s (CISA) cybersecurity program. shows a significant increase, increasing his $230 million year-over-year. fed scoop.
When it comes to threat intelligence, 44% of public sector respondents say there is a lack of shared cybersecurity intelligence available, compared to 29% of private sector respondents. Kovar, who has worked in both the public and private sectors, said these figures could be a result of the public sector knowing what it lacks and the private sector not realizing all the possibilities. I’m assuming there is.
“I had a lot more intelligence when I was in the public sector than I was in the private sector,” says Kovar. “I wonder if part of it is that people know how much they can have, but they can’t do it because they lack resources. And they don’t know what the private sector can do.” how much?”
In November, the General Services Administration acknowledged this and took steps to address it. On behalf of CISA, the GSA has submitted a request for information regarding the availability of threat intelligence enterprise services to assist the agency in developing its threat intelligence capabilities. CISA cites fragmented threat intelligence as one of the existing barriers in the federal cyber ecosystem seen across the threat intelligence lifecycle.
look: These new threat indicators help improve federal cybersecurity.
How data limits increase the disconnect between public and private
According to the report, these data challenges limit the ability of both sectors to share information with each other and hinder collaboration between public and private organizations. Findings suggest that organizations in both sectors are much more likely to share intelligence within their sector than across sectors.
That said, the two sectors were in agreement about what kinds of insights and information to share were important.
- Threat intelligence and actors (69% public, 63% private)
- Real-time information on security events (60% public, 69% private)
- Cybersecurity training materials and best practices (79% public, 68% private)
- Benchmark data (36% public, 31% private)
Kovar said the disconnect comes from the fact that the two divisions have different challenges and capabilities.
“You’ll see people agree on goals, but how they’re implemented and executed will differ between the public and private sectors,” he says. It means that the department has an obligation to help citizens, not to make a profit, and that’s a very big difference.”
Looking ahead, the most common cybersecurity investments among public sector respondents included monitoring/alerts, threat intelligence, and security assessments.