ISG Provider Lens™ Cybersecurity - Solutions and Services - Managed Security Services - SOC - U.S. Public Sector 2023
The U.S. public sector needs proactive management to handle cyber threats
Research by Comparitech shows that the total cost of data breaches faced by the U.S. government in 2022 was $26 billion. This amount could have been spent on education, healthcare, defense or justice if cyberattacks were managed well. The research shows that such attacks impact approximately two-thirds of U.S. citizens. The downtime for a breach in local government was five months. In terms of the attack targets, the top five states are Texas, Georgia, California, Florida and Pennsylvania.
The cost and impact of cyberattacks are increasing in both public and private sectors globally. Hence, the U.S. government is increasing its focus on effectively managing cybersecurity issues. However, legislative and regulatory responses to such threats must be accelerated.
Federal government issues are crucial; the U.S. federal government is the most prominent target globally, for obvious reasons. Despite having a low profile, state, local and education (SLED) agencies are still threat targets. As a result, stakeholder education, investment and capability need to improve. ISG has identified successful examples of agencies leveraging a broad range of provider solutions targeting the sector. Some providers can offer a wide scope of product and service-based solutions, while others have narrower but specific capabilities. Nevertheless, they all play a part in providing solution portfolios to be integrated by clients.
Apart from the obvious threat issues, a broad set of technology and provider trends impact the market’s characteristics.
Government agencies continue investing in cloud solutions across their application, infrastructure and business requirements. As a result, there is an increased need for robust and consistent cloud security measures to prevent data from being accessed by the wrong party.
Cloud providers are increasingly engaged in this, with integrated offerings from significant hyperscalers becoming increasingly visible with each release. This will only continue as agencies and their enterprise counterparts realize where the responsibility lies for security, data backup and recovery.
By volume, 2022 saw a reduction in ransomware attacks, bucking a growing trend. However, they remain a major threat. Ransomware attacks are increasingly sophisticated, posing an ongoing and significant threat to public sector organizations. This has increased investment in ransomware protection measures, such as data backup and recovery strategies. It has also led to legislative changes, with states including North Carolina and Florida introducing legislation that banned government entities’ payment of ransom money.
While external ransomware attacks, state-based hacking and other high-profile issues sometimes gain attention, the always underrated security threat is from within. In some cases, this activity is nefarious, and in other instances, it is just a user error resulting from ignorance, poor training or simple carelessness. It still presents significant issues, so there is an increased role for training, access control development and consistency, along with monitoring capabilities. It is worth noting the connection between technology security and physical security. Agencies that leave doors unlocked and do not manage access passes are more likely to be vulnerable in their technology security. This is due to the simple fact that attitude toward security is critical. Any lax approaches in either realm will inevitably spill over.
AI has become a high-profile application of technology. This has built up over several years, but from the consumer or employer perspective, the actual use of AI has become fundamental in consumer tools such as our suggested viewing on Netflix, listening on Spotify, and shopping on Amazon. ChatGPT has burst out of the blocks, making generative AI the buzzword of 2023 to date, with substantial uncertainty over the technology’s positive benefits and adverse outcomes. From a security point of view, AI and ML are central in applications across the spectrum of technology and security requirements. It is most pertinent in datasets with strongly structured data levels; hence, threat protection is paramount. Many vendors are building out capabilities, and it is reasonable to assume that these will quickly become attractive to government agencies in the U.S. and globally.
We have identified that zero trust is becoming a fundamental approach for agencies, and that more than a perimeter-based approach is needed. This is a complex migration for some, particularly in a world of diverse devices, some company-owned and some privately owned. Still, it is essential, and strong identity management helps IAM tools become a mechanism for zero trust.
Ownership of security within the government agency is a real challenge. Each agency has a different structure depending on its services, location, size and scale, but the bottom line is that the head of the agency or university must consider investments and outcomes of cybersecurity under their range of responsibilities. A chief information security officer (CISO), if one exists, cannot operate in isolation. Some agencies and their private sector counterparts risk delineating data between internal and external (or customer) data. Cybersecurity risks are too high to have this fragmented approach. Training requirements must be prioritized more explicitly across all levels of the organization; as highlighted, humans are the source of error on so many occasions.
From the vendor perspective, every year is different for security. 2023 is continuing in this vein. XDR and other technologies, such as IAM, are rapidly evolving, and cloud-based and edge/IoT-based tools are accelerating. As highlighted, this growth comes from prominent established vendors, well-funded start-ups and services companies. Consolidation continues to happen across all offerings. Some service companies consider acquiring product companies to boost engagement and capabilities, while others seek to broaden services. In some respects, the U.S. government is not directly involved, as accessing the enterprise client base is the primary acquisition driver. However, it is still relevant, and activity is swirling around government-focused solutions and service providers.
For government buyers of security technology, there are three key takeaways.
1. Education and employee awareness of the holistic requirements for security, from locking the front door to adhering to password protocols, must be met.
2. Investment in solutions driven by analytics, AI and ML at the core to improve threat detection and risk management.
3. Leadership from the highest level of the agency down to the newest employee has to be embedded. Leaders must prioritize the issue and invest appropriately, and all employees must understand their role in keeping their agency or institution safe.