In 2021, a record number of over 80 significant cyber incidents have taken place and government entities are struggling to keep up. These cyber attacks are continuing to harm these victims’ reputations, increase costs, erode the level of public trust. The rise in government cyber attacks and incidents presents a clear need for government entities and organizations to adopt new and better security practices.
WHAT IS ADAPTIVE SECURITY?
As the term adaptive security suggests, it is an approach to security that is designed to protect against security threats that are evolving and that can change rapidly. Defined by Gartner® in its recent report, “Top Trends in Government for 2021: Adaptive Security,” “the adaptive security model is one in which cybersecurity systems operate more like an autonomic biologic immune system. The adaptive security architecture features components for prediction, prevention, detection, and response. The adaptive model forgoes traditional notions of perimeter, assuming there is no boundary for safe and unsafe, a necessary conceptual shift given the migration to cloud services.”
Based upon this report, it’s our understanding that zero-trust networking is an example of an adaptive security model. But zero-trust networks are just one implementation. Adaptive security hones in on components of prevention, detection, response, and prediction, especially with the increasing utilization of artificial intelligence and machine learning. This requires organizations to continuously identify, detect, monitor, and reduce risks, versus operating with a point-in-time risk assessment approach.
SHIFTING FROM CHECKLIST COMPLIANCE TO RISK-BASED SECURITY
Governments have long faced urgent cybersecurity threats and these attacks have only grown in scope, impact, and targets. For example, between 2018 and 2019, known attacks on local governments rose 58.5%. Across the public sector, adaptive security can help address risk in a continuous fashion and enable government organizations to react and adapt as needed to new cyber attacks.
Using a point-in-time risk assessment approach or tackling security compliance with checklists will leave government organizations open to broader digital risk. As Gartner® notes, “[adaptive] security must now address risk not simply from an IT vector, but also across other domains like supply chain, operational technology and cyber-physical systems. From a threat perspective, the operative security assumption is not when, or if, threats will be present, but rather that threats are continuous.”
At LookingGlass, we believe a continuous approach to monitoring your organization’s attack surface – and the attack surface across all your suppliers and vendors – and enumerating the vulnerabilities across those attack surfaces is foundational to an adaptive security approach. If your organization is interested in learning more about how we can help you meet your security mission, contact us today.