
Top seven government and public sector cyber trends


It is more important than ever to learn how your organization can implement these top trends into an effective strategy and framework.


In brief

  • 56% of executives surveyed do not know whether their defenses are strong enough for hackers’ new strategies
  • 75% of all security failures by 2023 will result from inadequate management of identities, access and privileges
  • 21% of organizations currently believe they have an effective framework to mitigate risk

With cyber threats increasing at an alarming rate, there has been a whirlwind of government activity related to cybersecurity. Viewing cybersecurity government guidance through many lenses will help agencies strengthen their cybersecurity efforts — enabling the strategies, architectural models and investments to move forward.

EY has highlighted seven cyber trends as they relate to federal, state and local agencies.

1. Cyber planning and strategy

Defenses could be stronger
56% of executives surveyed do not know whether their defenses are strong enough for hackers’ new strategies
  • Federal agency cyber plans are required to implement zero trust architecture to comply with Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity.”
  • For state and local agencies, plans are required to receive grants via the Infrastructure Investment and Jobs Act.
  • More regular cyber assessments are needed to understand current maturity and high-risk security gaps.

2. Cyber supply chain risk management (C-SCRM)

Impacted by one attack
organizations that were potentially impacted by the SolarWinds attack in December 2020
  • Stronger C-SCRM will be required of the federal government through the Federal Acquisition Supply Chain Security Act and EO 13873.
  • C-SCRM programs and resources to manage and mitigate supply chain risk are lacking, and there are no proactive measures.
  • Supply chain exploitation will continue to rise and be a major source of cyber attacks.

3. Cloud security

Barrier to cloud value
of executives view cloud security as a significant barrier to realizing cloud value

  • Most agencies have not implemented cloud security controls to protect access, credentials, data and continuous safe operations.
  • Federal, state and local agencies are at varying stages of cloud adoption.

4. Identity and access management (IAM)

Security failures due to lack of proper data management
75% of all security failures by 2023 will result from inadequate management of identities, access and privileges
  • Digital user IAM strategy, governance and transformation are required to comply with EO 14028. 
  • Federal agencies have legacy IAM infrastructure that cannot keep pace with migration to cloud platforms and a fluid network perimeter.

5. Cyber operational technology (OT)

OT target attacks
OT target attacks occurred since 2018

  • Current OT used by state governments is vulnerable and poses risk to residents.
  • Agencies that leverage OT do not have appropriate governance structure and lack integration with enterprise security.

6. Risk management framework (RMF)

Have an effective framework
21% of organizations currently believe they have an effective framework to mitigate risk
  • A large number of federal agencies have accumulated layers of redundant, ineffective and misaligned risk management controls that rarely address cyber risks sufficiently.
  • Federal agency chief information security officers and chief privacy officers are revisiting RMFs following the National Institute of Standards and Technology (NIST) 2020 update to its flagship risk management guidance (i.e., SP 800-53 Revision 5).

7. Ransomware readiness and resilience (R3)

Increase in disruptive attacks
Increase in attacks seen by companies in the last 12 months
  • A large number of agencies don’t have playbooks to respond to ransomware systematically to limit mission and financial impact.
  • Overreliance exists on cyber insurance as the primary means to protect against ransomware. 
  • Lack of basic cyber hygiene causes most ransomware attacks.

Learn how EY can assist with each of these seven trends by downloading the full document.


Summary

EY highlights trends in cybersecurity for the government and public sector and how we can help create strategies and solutions for future frameworks.


