Three areas to focus on when re-evaluating your cybersecurity strategy
It’s clear now that the cybersecurity landscape has changed dramatically since the onset of COVID-19. Much of the conversation over the past seven months has been focused on the impact of private sector employees working from home, which at times has overshadowed the specific concerns – and constraints – of public sector organizations.
Like their private-sector counterparts, many saw their perimeters suddenly extend to include home devices, opening up their networks to greater levels of risk. But public sector leaders face even more challenges. Budgets are always top of mind, and have likely become even tighter given how quickly and significantly they had to adjust their resources. For healthcare and education organizations, facing surging demand and greater public scrutiny – that challenge has been especially acute.
As a threat landscape expert with 20 years of cybersecurity experience, I’ve had many conversations with public sector leaders in recent months. What I’ve learned is that when working with constrained budgets and longer timelines, it’s worth focusing efforts on some key areas that are likely to make the most impact and generate return on investment in our current environment.
One area that’s worth extra attention is hardening points of entry. In our recent Fortinet threat report, we learned that cyber criminals are taking advantage of security holes that are already known and well understood. Public sector organizations worked overtime to meet the impact of COVID-19, straining their defenses. Even in the face of long to-do lists, reviewing your approach to prioritizing patch management and taking full advantage of multi-factor authentication wherever possible are always worthwhile places to focus your attention and reduce at least some risk.
Next is finding ways to help build more flexibility and adaptability into your security infrastructure in a way that’s cost-efficient and that will make future transitions like we faced this year easier to handle. Gone are the days of IT silos. Network and security are now closely intertwined. As public sector leaders plan for 2021 and beyond, aim for a consistent strategy across the network and into the cloud. Taking a platform-based approach to security can help pay major dividends now and into the future.
Now more than ever, security requires constant training and vigilance. The threat landscape is constantly evolving, and it’s important to make everyone aware of the risks that exist in the wild. For that reason, try to carve out time for education – both for security teams and all employees. It doesn’t have to be a costly or time-intensive proposition. At Fortinet, for example, we have created an in-depth global training program with courses available for free. It effectively bridges the cybersecurity skills gap, from cybersecurity fundamental education courses for anyone, technical product training, advanced solution-based training.
There are no easy answers as public sector leaders try to balance resources and priorities. But given that the pandemic landscape isn’t going away anytime soon, a focus on these key areas can go a long way to future-proofing your security infrastructure.
Find out more about Fortinet’s NSE Training Institute programs, including the Certification Program, Security Academy Program and Veterans Program, which provide critical cybersecurity training and education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.