《Splunk:2023年公共部门预测报告(英文版)(20页).pdf》由会员分享,可在线阅读,更多相关《Splunk:2023年公共部门预测报告(英文版)(20页).pdf(20页珍藏版)》请在三个皮匠报告上搜索。
1、Public SectorSecurity,talent and supply chains:Insights to achieve organizational resilience and mission successPredictions 2023Its a Jungle Out ThereThe political turmoil,economic uncertainty,intensifying cyberattacks and persisting global pandemic of the last few years have made an already tough j
2、ob even tougher for IT and security professionals in the public sector.Cybersecurity threats are hitting especially hard,what with increasing ransomware attacks and prevailing supply chain risks.And the Great Resignation has severely affected government and nonprofit employers who still struggle to
3、regain staff lost during the pandemic.The good news is that some solutions are underway or forthcoming.President Bidens Executive Order 14028,Improving the Nations Cybersecurity,was issued in May 2021,and the Technology Modernization Fund(TMF)continues to be an available resource.Were also seeing a
4、growing collaboration among agencies and rising adoption of automation and zero trust.“Agencies are taking tangible steps to automate some of their security,and I predict that well see them use automation to combat increasingly sophisticated cyberattacks,”says Splunk Group Vice President and Chief S
5、trategic Advisor for Public Sector Juliana Vida.“Theyre also taking initial steps to formalize implementation of zero trust adoption.”But these are no quick fixes.Public sector organizations have fewer financial and talent resources compared to the private sector,and face more red tape because of th
6、e high stakes of their operations.LaLisha Hurt,industry advisor for public sector and federal government at Splunk,says that“many agencies are not taking advantage of the funds because they either are not aware or need help with submitting successful project proposals to the TMF board for approval.”
7、Automation will help drive efficiencies in resource-constrained environments,Vida says.“The public sector is embracing automation,”she says.“It will take another several years to roll out,but it will really make a difference in repurposing the human resources currently spending time on easily repeat
8、able,mundane,administrative tasks to higher-level work requiring creativity and innovative thinking.”Splunk Public Sector Predictions 2023|05While public agencies have more than their fair share of unique challenges,one advantage the public sector at large has is its unified mission.Theres no compet
9、ition,since the shared mission is the welfare of the public.One of our predictions last year was that we would see more information sharing and collaboration among agencies,as they put their heads together to figure out how to address new risks and cybersecurity attack vectors.And this prediction is
10、 coming true:“Public and private partnerships came into their own during this past year in a very big way,”Vida says.“These partnerships on information sharing and coordinated cyber defense plans are seeing success and finally starting to operationalize collaboration.”Change is rarely fast in the pu
11、blic sector.At least,it never comes as quickly as leaders want.But the right tools are coming,and improvements are on the horizon.Predictions and Survival Strategies for 202307 Talent Cross-train and upskill your existing workforce to fill recruiting pipeline gaps.09 Supply Chain The SBOM will becom
12、e standard.11 Privacy Regulation will start at the local and state levels.13 Ransomware K-12 schools will be hit especially hard.15 ITOps Security Convergence CISOs will take more responsibility for IT resilience.17 Good Things Come to Those Who Wait Prepare19 ContributorsSplunk Public Sector Predic
13、tions 2023|07PredictionTo address the talent shortage,public sector organizations will rely on clever short-term strategies ahead of long-term solutions.A skilled worker is hard to find,especially for the public sector.Splunks Economic Impact of Data Innovation Industry report found that a clear maj
14、ority,across multiple major industries surveyed,cited recruiting and retaining talent as a key challenge.The inability to hire and retain workers with the right skills,however,is hitting the public sector especially hard.An Axios report last summer found that although the private sector had recovere
15、d 99%of all jobs lost during the pandemic,the public sector had regained just 58%.Automation is a probable long-term solution,but when we asked our experts at Splunk for their take,theyre not counting on it for another several years at least.Juliana Vida,group vice president and chief strategic advi
16、sor at Splunk,says,“We havent seen or heard significant uptake in automation adoption,since many organizations arent at a place where they can take advantage of advanced capabilities just yet.”While automation wont be the magic bullet,planning ahead and getting more out of existing investments might
17、 just be enough to tide organizations over.“Weve been seeing a lot of cross training so skills can be shared across team members,”says Tina Carkhuff,industry advisor at Splunk.But retraining can only do so much(and can add to that other problem,burnout).In any case,retraining alone Splunk Public Sec
18、tor Predictions 2023|08wouldnt alleviate the talent shortage of 8.6 million in the EU,which faces a severe dearth of workers with needed digital and technological skills.Public sector organizations anticipate short employee retention spans and actually build expected departures into their hiring pla
19、ns.Carkhuff says,“State,local and government agencies,as well as universities,are hiring junior employees fresh out of college.These employees generally come in at lower salaries but get great training and experience that they can take to their next role.CIOs know these employees will leave for high
20、er salaries,but they often return later in their careers to fill higher-level positions and so public sector organizations are starting to count on being their first and maybe third employers.”In fact,we know of a CISO who set up a whole SOC around a university to get fresh graduates.He wasnt in the
21、 public sector,but had similar challenges around attracting and retaining talent.He turned new grads into junior analysts,knowing that theyd leave in two years for a more lucrative opportunity elsewhere later,and made that his talent strategy.Public sector organizations will also increasingly partne
22、r with their vendors to get more out of their existing investments.“Coping with the talent shortage will not look like more new tools that automate every process and action,”Vida says.“Itll look like making better use of existing tools,to squeeze more juice out of the orange.”If you cant afford an o
23、range juicer right now,use the hands youve already got and just squeeze as fast as you can.This is in the best interest of vendors as well,because driving wider adoption of their tools will boost their customer retention.Splunk Public Sector Predictions 2023|09PredictionDriven by a federal mandate a
24、nd supply chain risks,the software bill of materials(SBOM)will become standard within the next three years.The supply chain attacks on SolarWinds two years ago have since been followed by a steady succession of additional attacks Log4Shell,Kaseya and others.It makes sense that organizations are devo
25、ting a lot of attention and resources to addressing the risks;97%have done so,according to Splunks State of Security 2022 report.We think the next strategy to mitigate supply chain risks is the SBOM.An SBOM lists the elements within a software package.In the event of a supply chain attack,the organi
26、zation thats fallen victim would have to trace every component that resides within the product to figure out what components can install software and whether the constituents that use their services are compromised.Agencies will be the first to require a software bill of materials,or SBOM,when they
27、purchase software,says Splunk Distinguished Security Strategist Ryan Kovar.Given that software products often incorporate many open source projects,the organization compromised would have to track down various owners of those including,as Kovar puts it,“that one person in Norway who happens to be th
28、e only maintainer in the world of a particular project.”Its a tough job to identify the components and determine whether each was compromised by the attack,but an SBOM would help organizations quickly ascertain the extent of the damage.Splunk Public Sector Predictions 2023|10There will be more imple
29、mentation and an increased focus on supply chain security next year,and then eventually,to sell to the government,youll have to have an SBOM.“By 2025,SBOMs will be required by the government for software purchases,”Kovar predicts.“It wont happen overnight,”says LaLisha Hurt,industry advisor for publ
30、ic sector and federal government.“Over time,well see each agency and procurement office start to require SBOMs,and itll become a standard requirement in the next couple of years.”The standard cant come soon enough.Another SolarWinds,Log4J,you-name-it sort of attack is imminent,and itll probably be o
31、pen source because,in the words of Kovar,“No one is looking.”GitHub seems to agree:The company has taken preemptive steps by announcing plans to support code signing,which is a digital wax seal that helps open source maintainers verify that the code they create is the same code that ends up in the s
32、oftware packages that users download.But preemptive measures,however necessary,wont stop attacks from happening altogether.Organizations need to be prepared to respond and minimize damage when the inevitable attack does strike which is where the SBOM will come in.PredictionPrivacy regulations will t
33、ighten,first at the state and local level and then at the federal level.As a result of recent legislative changes in America,consumers are more concerned about the privacy of their data than ever before.“Ive seen a ridiculous number of people pop up on Signal in the last year or so,”says Global Secu
34、rity Strategist Mick Baccio.Gone,he says,are the days when it was just him and a clutch of threat-hunter colleagues.“Now,its Boomers to Zoomers and everyone in between.People who have lived their entire lives online and never thought about privacy are thinking,Well,I want to make sure that what Im s
35、aying isnt being recorded by Facebook,which is a drastic mindset change from 10 years ago.”This greater collective demand for privacy will affect companies that collect any data(which is nearly all of them).From Google Maps to The New York Times,menstruation apps to fitness trackers,corporations wil
36、l be compelled to take more measures to protect consumer privacy.Theres some movement at the federal level,even though such efforts have been decades in the making.The American Data Privacy and Protection Act,introduced in Congress last summer,would provide a national standard on what data companies
37、 can gather from individuals and regulate how that data is used.But until and if that motion becomes law,well see continued privacy regulation at the state and local levels.Private companies have a patchwork of legislation to navigate,so theyll often err on the side of complying with the strictest r
38、egulations at the state level.In the public sector,on the other hand,both privacy and secrecy have always been significant concerns.Collecting new types,and greater volumes,of data may present challenges,but not a reassessment of values.The value of citizen privacy has been and remains strong,says J
39、uliana Vida.“Thats not changing.We just have more data to deal with.”Inter-agency information sharing,on the other hand,is slowly evolving.Agencies see greater value in responsible information sharing and are increasingly working on secure solutions,says LaLisha Hurt.“There was hesitancy in the begi
40、nning with information sharing,and case studies detailing certain situations,”Hurt says.“But there has been good progress on that front and this momentum will likely continue in 2023.”PredictionRansomware attacks will get more professionalized and only keep on coming,especially against K-12 schools.
41、The barrage of ransomware attacks hasnt ceased.In fact,ransomware gangs are getting more professional and better organized.And theyre seeing results.An April report found that 46%of organizations paid ransoms in 2021,up from 32%in 2020.And Splunks State of Security report found that 79%of organizati
42、ons have experienced ransomware attacks.“Ransomware moved from being a service to an economy,”Mick Baccio says.“Since its so easy to spin up,and with the addition of other services,its grown into a whole ecosystem.Its getting faster,its getting more efficient.Ransomware operators are learning IT ope
43、rations at the enterprise scale.”Educational organizations are especially at risk.Splunk industry advisor Tina Carkhuff says,“K-12s are the most common target for ransomware attacks.Weve seen some large ransomware attacks recently that have forced CIOs to rethink their security strategies.Its a top-
44、of-mind issue as schools investigate ways to protect their data.”It really should be top-of-mind.Throughout the first half of 2022,education and research organizations suffered 2,297 attacks per week,44%more compared to the same time last year.Whats worse is that the public sector has been paying an
45、 especially steep price.Whereas the average cost to a private organization was$1.8 million,educational institutions paid$2.7 million per incident,which includes not only the ransom payment but also other ensuing recovery costs.(Colleges and universities usually dont back up their systems,which makes
46、 cleaning up the aftermath of a ransomware attack messier and pricier.)Splunk Public Sector Predictions 2023|14Not all hope is lost,however.In September 2022,the Cybersecurity and Infrastructure Security Agency released a congressionally mandated report that detailed the cyber threats facing K-12 sc
47、hools and outlined recommendations for how federal and state resources should be allocated to counteract such threats.The amount of money that public sector organizations spend on cybersecurity is rising,too.“Twenty-five percent of organizations are spending more money on cybersecurity than they hav
48、e in the past,”Carkhuff says.“And the average salary for CISOs has also risen.Theres more attention spent on security at the board level in educational institutions.If an organization cant spend more on security tools or personnel,many will opt for cyber insurance as an alternate protective mechanis
49、m.”Insurance can be an effective remediation strategy,blunting the financial blow.While basic cybersecurity practices will stop many attacks,no organization can count on stopping them all.“Ransomware is never going away,cybercrime will get worse,and sprawling hybrid environments are increasingly mor
50、e complicated to secure.Organizational resilience comes into play,”says Global Security Strategist Mick Baccio.“So your cyber resilience will impact your organizational resilience.”Splunk Public Sector Predictions 2023|15Prediction:As ITOps and security tools and data converge,public sector CISOs wi
51、ll(gradually)take on more responsibility for broad IT resilience.The word“resilience”is coming up a lot more in IT and security circles.Given the last few years,its no surprise.Weve never been able to prevent every attack,error or outage,so the real issue is not only how well you can minimize such i
52、ncidents,but also how well you can recover from them.“There are pockets of functional resilience in any organization,”says Mark Woods,Splunks chief technical advisor in Europe and the Middle East.“Bringing that together from being functional to being fully business relevant is the problem for most o
53、rganizations.But at the moment there is no definition as to what,actually,that means for anybody.”“I often see resilience used as a synonym for cyber hygiene,”says Ryan Kovar,Splunk distinguished security strategist.“Resiliency of overall IT infrastructure is important,and cyber resiliency is a more
54、 focused aspect of that.”Woods says that regulation puts some sectors in Europe,such as finance,ahead of the game on resilience.Legislative and regulatory action comes more slowly in the United States,so organizations in the commercial and public spheres will have to manage their own strategies.One
55、way that well probably follow the European lead is to rely on CISOs for leadership around broader resilience.“In most organizations,the only people who know how to do robust monitoring properly are security,because its their lifeblood,”Woods says.“You cant do security without robust monitoring.Every
56、thing else,you can do without monitoring you just do it badly.”Splunk Public Sector Predictions 2023|16“Weve been talking about resilience across the enterprise for decades,”says Patrick Coughlin,Splunks group vice president of security products.Coughlin,who co-founded threat intelligence startup Tr
57、uStar,notes that in the past,you could ask 10 people what cyber resilience was and get 10 different answers.“But,recently NIST has done great work to define cyber resilience,saying that were now in an era where an incident is an incident whether youre talking about an infrastructure layer failure,a
58、performance issue in an application,a service outage,an insider threat,or an external threat actor.”he says.“If the resilience of the business is at risk from adverse conditions or malicious compromises,you need to quickly find the problem,fix it,and then layer in automation so you dont have to do i
59、t again.”As organizations get better at taking advantage of all their data,rather than siloing it with one team or one tool,security teams are able to take a more holistic approach to risk.“Were starting to see the organizational dynamics and definition of mission reflect the convergence at the data
60、 layer,”Coughlin says.“Job titles and job descriptions are changing to match,and the influence of the CISO is expanding across the enterprise to cover this broader definition of incident,meaning that the CISO is now weighing in on new decisions throughout the organization.”Thats the leading edge of
61、the private sector.LaLisha Hurt says the public sector will eventually follow suit with many newly appointed CISO roles.“Should the role of the CISO change?Absolutely,”she says.“But things are evolving and changing faster in the private sector than the public sector.In an ideal world,the CISO should
62、 be working closely with the CTO and CIO,creating a true partnership in combating cyber attacks and protecting critical assets.Silos still exist unfortunately,and partnership is definitely needed.Well see this trend developing in the next year and beyond.”Splunk Public Sector Predictions 2023|17Good
63、 Things Come to Those Who Wait PrepareAll good things take time,or so the adage goes.This is especially true for public sector organizations,which shoulder not only the burden of mission-critical operations,but also a greater scarcity of resources,compared to the private sector.Thats why nearly ever
64、y prediction weve made for the public sector is a prediction of a gradual evolution,whether its the convergence of security and ITOps,or an SBOM requirement at the national level.The real winners,ultimately,are going to be those who make investments to be data-forward.“Data is the new form of power,
65、”says Kriss Deiglmeier,chief of social impact at Splunk.“In the next one to five years,governments will realize the power of data and make investments to become more data-forward.More will use data to drive outcomes,to spend and invest effectively,starting at the agency level.”While the larger strid
66、es to become data-forward are underway,agencies and institutions will have to rely on existing investments and other short-term strategies to fulfill their missions in the here and now.They will take things into their own hands,implementing privacy regulations at the local and state levels,as well a
67、s forging information sharing partnerships with organizations in both the private and public sectors.“These public-private partnerships will continue on in their sharing of threat information,”Vida says.“Were going to see the next evolution toward operational collaboration,where industries will come
68、 together for planning,threat analysis and a coordinated defense against cyber threats.”Its a sign of the times:Smart strategies around talent,partnership and data technologies will allow public agencies to continue to serve the public,with the full reach of digital technology.Splunk Public Sector P
69、redictions 2023|19ContributorsLaLisha HurtLaLisha is industry advisor for the public sector,federal,at Splunk.An IT and security leader with more than two decades of experience,she has served at organizations in the public and private sectors,including GDIT,Capital One,GE and the Federal Reserve Sys
70、tem.Ryan KovarDistinguished Security Strategist Ryan Kovar leads SURGe,Splunks blue-team security research group.His background security research and engineering roles include serving as senior principal security engineer for DARPA.Which he wont tell us anything about.Juliana VidaJuliana is group vi
71、ce president and chief strategy advisor for the public sector.Before joining Splunk,she was a VP at Gartner,drove ships and flew helicopters for 24 years in the U.S.Navy,and held the role of Navy Deputy CIO in the Pentagon.Mark WoodsSplunks chief technical advisor in EMEA,Mark has been an engineer,c
72、onsultant,entrepreneur and CTO.He helps executive teams and international policymakers understand the seismic potential of data-driven approaches.Mick BaccioGlobal Security Strategist Mick Baccio joined SURGe after cybersecurity and threat intelligence roles in an alphabet soup of federal agencies.H
73、e was the first-ever CISO of a U.S.presidential campaign.He likes threat hunting,Air Jordans and“cyber vegetables,”in an unspecified order.Tina CarkhuffTina is industry advisor for the public sector at Splunk.She previously was the CIO of Houston,led executive programs at Gartner for K-12/higher edu
74、cation and healthcare,and founded the Cerebral Folate Deficiency Research Organization,helping families navigate the complexities of autism.Patrick CoughlinPatrick,Splunks VP of GTM strategy and specialization,comes from a deep security background.He was co-founder and CEO of TruSTAR,a cyber intelli
75、gence management platform acquired by Splunk.Previously,he led cybersecurity and counterterrorism analyst teams for the U.S.government and private sector clients.Kriss DeiglmeierKriss is Splunks chief of social impact and Splunk Global Impact.She is recognized as a social innovator,is a frequent spe
76、aker at global events,and was recently listed among the“50 Most Influential Women in U.S.Philanthropy”by Inside Philanthropy.For more 2023 predictions,see the IT/observability,leadership trends/emerging technologies and data security reports.Splunk,Splunk and Turn Data Into Doing are trademarks and registered trademarks of Splunk Inc.in the United States and other countries.All other brand names,product names or trademarks belong to their respective owners.2022 Splunk Inc.All rights reserved.22-25650-Splunk-Public Sector Predictions 2023-EB-108Learn More