Moving toward a reality where breaches are not a given

Ninety-one percent of cybersecurity leaders say they want to see their organization shift from ‘assume breach’ to breach prevention in the next three years, according to a study from MeriTalk.

The study – which surveyed more than 300 cybersecurity leaders across Federal, state, and local government – found that 83 percent of public sector organizations operate on an ‘assume breach’ model today. Seventy percent estimate their high-value assets (HVAs) have been compromised in the past 12 months, and fifty percent believe there will be a cyber 9/11 in the next 10 years.

Leaders believe it is possible to build zero vulnerability platforms

But it’s not all bad news. The study – underwritten by INTEGRITY Global Security (IGS) – found that 93 percent of leaders believe it is possible to build zero vulnerability platforms. They say a major shift in prioritized focus will be necessary to get there. Today, 61 percent of cyber decision makers report their organization focuses most cyber resources on detection, confinement, or remediation, 39 percent say their primary focus is on prevention.

“Cyber leaders are underwater, but it is possible that we can move toward a reality where breaches are not a given,” said Jimmy Sorrells, President, INTEGRITY Global Security (IGS).

“The industry needs to know that there are zero vulnerability platforms available, and those platforms are the key to helping our public servants better protect critical systems and citizens. It is going to take a stronger commitment to cyber hygiene, platform security, and breach prevention to make real progress. We cannot continue to do the same things and expect different results.”

While 98 percent of respondents are taking steps to improve risk management, just half are reporting progress on foundational cyber hygiene, including enforcing multi-factor authentication and encryption, deploying endpoint detection and response systems, and auditing hardware security. Only 45 percent of organizations have developed a prioritized list of HVAs.

Prioritizing platform security a key step toward breach prevention

Eighty-nine percent of respondents say further prioritizing platform security is a key step toward breach prevention. It will help organizations improve ability to isolate critical infrastructure from vulnerable devices, as well as reduce exposure and risk.

To make the shift successfully, government cyber leaders say they need:

• Centralized access to cybersecurity data and analytics (91 percent)
• Improved vulnerability management (90 percent)
• Hardened endpoint devices (89 percent)
• Fundamental culture change (89 percent)
• Increased investments in zero vulnerability solutions (89 percent)