Cybersecurity in 2017: Federal Forecast and the CIO Perspective
The term hacker has been around for decades. In “A Short History of Hack,” The New Yorker describes the origin of the word and how, at first, hackers played a much more legitimate role in the technology industry. According to the article, hackers found ways to solve tech problems “in a different, presumably more creative way than what’s outlined in an instruction manual.” Today, this word has taken on a much more sinister meaning.
Now a hacker is defined as “a person who illegally gains access to and sometimes tampers with information in a computer system.” While accurate, this description does not even begin to cover the full scope of the advanced cybersecurity threats organizations face on a daily, even hourly basis. The word cybercrime better describes the organized and methodical nature of modern threats. Cybercriminals are often connected to complex criminal enterprises that constantly evolve to avoid detection and work around-the-clock to find and exploit any weakness.
Cybercrime is a priority concern for every industry. The past year has been dominated by headlines about large-scale attacks that compromised volumes upon volumes of sensitive and confidential information. Earlier this month, a CNN Money article discussed the release of a long-awaited report from the Commission on Enhancing National Cybersecurity, which was established in response to last year’s massive data breach at the Office of Personnel Management. This timely report outlines a list of threats, weaknesses and recommendations for federal agencies. Furthermore, CIOs across both the public and private sectors are challenged to keep pace with a rapidly evolving landscape when organizational budgets, expectations and policies are not entirely aligned with the needs and capabilities of a company’s in-house IT resources.
The Future of Federal Cybersecurity
In May, the U.S. Government Accountability Office published a report, Federal Agencies Need to Address Aging Legacy Systems, assessing how federal agencies allocate their IT budget between (1) operations and management and (2) development, modernization and enhancement. The report revealed a troubling decline in modernization spending, describing federal legacy IT investments as “increasingly obsolete.” TheHill.com recently described a fundamental issue regarding federal information technology funding, saying, “cost-cutting in IT makes everything more expensive.”
Looking forward to 2017, GovTechWorks.com reports that while IT modernization is an issue that enjoys support from both major parties, agencies still face obstacles to taking aggressive action that will better position their IT systems to keep pace with the private sector. However, organizations like the Office of Personnel Management and the Internal Revenue Service are taking measures now to modernize and protect mission-critical and sensitive data.
In addition to modernization, another strategy that gained momentum in 2016 and will continue to influence federal cybersecurity in 2017 is collaboration and information sharing. At the end of 2015, Congress signed the Cybersecurity Information Sharing Act of 2015 (CISA) into law. Congress says the purpose of this legislation is to require the development of “procedures to share cybersecurity threat information with private entities, nonfederal government agencies, state, tribal, and local governments, the public, and entities under threats.”
Organizational Priorities vs IT Priorities
In the 2016 PWC Annual CEO Survey, 61 percent of respondents cited cybersecurity as a top concern. According to the survey results, CEOs are prioritizing cybersecurity not only because cybercrime poses a threat to their organizations’ commercial interests, but also because it poses a threat to national interests as a whole. So, organizational decision makers understand that a data breach can have tremendous financial, legal and operational consequences. But a gap exists between how that understanding is translating into organizational policy.
When Deloitte University Press surveyed 2,100 CIOS, 45 percent said that cybersecurity will have a significant impact on their organizations in 2017, but only 10 percent of those surveyed felt that cybersecurity and IT risk management are a top business priority. But attitudes are evolving. Information Age magazine recently quoted a partner at a technology investment firm as saying “Cybersecurity has become a more and more prominent issue. It was something that everybody was aware of but it has struggled to get into the boardroom.
Over the last 24, 36 months that has changed quite dramatically. Now from the top of FTSE 100 down, they have to address this in a much more proactive way. This proactivity includes using a risk-based approach to prioritize resources and maintain a balance between preventative security and threat detection. While organizations have been expanding their preventative security systems, many are still not appropriately utilizing detective security controls that identify exisiting malicious activity.
As organizations’ top leaders begin to place more emphasis on cybersecurity strategy, they will increase spending in this area, predicts Cybersecurity Ventures, a cybersecurity research and market intelligence firm. In their 2017 Q4 Market Report, the organization projects a 12-15% year-over-year increase in cybersecurity spending through 2021.
The emerging theme is that the landscape is evolving faster than most IT leaders and departments can keep up with. New threats are emerging rapidly and organizations are moving more and more mission-critical data and applications to digital storage. But IT personnel don’t have to face these challenges alone.
QTS offers a robust portfolio of data center solutions built on state-of-the-art technology and powered by expert engineers. Our integrated approach to compliance and advanced physical and logical security systems can help organizations unburden their IT teams of day-to-day management and monitoring, freeing them up to innovate. To learn more about our industry-leading solutions, contact us today or call 877.QTS.DATA.