With a growing number of advanced threats across the Federal landscape, Small Business Administration (SBA) Chief Technology Officer Sanjay Gupta, encouraged agencies to view cybersecurity as a “team sport” and a proactive sport to gain a better cyber posture.
During a Sept. 22 webinar from GovLoop, Gupta said agencies can achieve this through collaborating with other agencies and industry, investing in their entire staff, and looking at proactive measures they can take to foresee cyber threats before they become “real threats.”
“I certainly believe, and I sincerely feel like cybersecurity is a team sport,” Gupta said. “There’s no single organization, in my view, that has the wherewithal to be able to manage, monitor, and secure everything that they’re faced with. So, what that means is you have to collaborate, you have to partner with industry partners, with other Federal agencies like CISA [Cybersecurity and Infrastructure Security Agency] and others, and be able to join forces and be able to have a unified front.”
Another way agencies can achieve a united front is through investing in training for all of their staff, not just the cyber staff, on cybersecurity efforts, Gupta said.
“Invest in your cyber staff and invest in your entire staff, meaning all of your users in the organization,” Gupta said. “Email phishing is one of the most common and the most widely known cyberattacks… you have to train all of your users in your organization to learn to recognize those phishing emails and not be caught by that phishing email. And so that’s an investment in training.”
“On the cyber side, you have to continue to invest in your staff, because the threat landscape and the bad actors are investing more and more so you have to continue to invest in that,” he added. “And I think more importantly, you have to start looking into what I call is proactive views into this. Typically, cyber has been a reactive sport.”
Gupta said SBA established a “proactive threat hunting game” in which staff searched for cyber threats and tried to mitigate those threats before they turned into “real threats.”
He went on to explain that the threat landscape is only going to get more advanced and difficult to navigate. He stressed agencies and industry need to be prepared to protect their organization and invest in cyber tools.
“The threat landscape is only going to become more complex,” Gupta said. “Investments into foundational things like the zero trust principles, those are really key and important for every organization, it doesn’t matter if you’re in the public sector or private sector, the concept of zero trust applies there.”