When a massive data breach struck the Office of Personnel Management (OPM) in 2015, it sent shockwaves through the federal government.
Reports on the incident alerted the cybersecurity industry — as well as the general public — to the agency’s lacking defenses. The theft of 22 million records, and the ease with which they were accessed, was an eye-opening indication of how badly federal agencies’ cyber defenses have lagged behind the times.
The OPM breach spurred a series of actions at the federal level. Notably, in May 2017, President Donald Trump signed an executive order that promised to hold agency leaders accountable for cybersecurity. The Departments of Homeland Security and Commerce undertook research into improving the cyber workforce. It seemed the wheels had been set in motion to make some necessary changes.
One year after the executive order, however, daunting challenges remain. A new report released by the Office of Management and Budget finds that a majority of agencies are underperforming in cyber defense. An assessment of 96 agencies has found that 71 are relying on security programs that are considered “at-risk” or “high risk.”
Recently, the White House announced it would eliminate the position of cybersecurity coordinator — a move that cybersecurity analysts have criticized. In light of the OMB report, it is difficult to see the reason behind such an action. Indeed, for any organization planning to improve its defenses, focused leadership is critical for turning guidance on best practices into actual security enhancements.
Governance, though, is just one of four key needs the OMB called for in its report. The full list includes:
- Increased awareness of cybersecurity threats using cyber intelligence resources.
- Standardized capabilities to control for budget and resource availability
- Consolidated security operations centers (many organizations can accomplish this through managed security services)
- Accountability, including centralized governance and ongoing risk assessment
Any organization can benefit from the OMB report by reviewing where your cybersecurity stands in relation to these recommendations. If you suspect your programs are in need of improvement, Lunarline is prepared to help you push ahead. Contact us today for more information on how we can help.