Today I had the pleasure and privilege of moderating a session during our virtual Conference for Advancing the Public Sector entitled “Cybersecurity Trends: What's Next and How to Prepare for It.” This was one of a half dozen sessions presented today. MCP created CAPS five years ago to bring together the public sector’s greatest minds to explore the sector’s greatest challenges and opportunities.
The cybersecurity session featured MCP’s Richard Osborne and Jason Franks. Osborne dove into the chilling reality of the current cybersecurity threat environment, stressing that many public-sector infrastructures are outdated and ill-equipped to handle the speed at which cyberattacks, especially those driven by artificial intelligence, can unfold. Cyberattackers are leveraging AI to automate attacks, find vulnerabilities within minutes, and exploit them before defenses can react.
Franks highlighted a critical gap he often sees in public-sector organizations, i.e., the absence of a top-down approach to cybersecurity governance. He stressed that leadership must prioritize cybersecurity as a core issue, ensuring that accountability flows from the top of the organization through every layer. Without this, compliance and effective risk mitigation become nearly impossible, leaving organizations vulnerable to increasingly complex threats, he said.
The discussion then turned to the offensive and defensive strategies necessary for robust cybersecurity. Osborne advocated for a primarily defensive approach but underscored the importance of understanding offensive tactics to test and strengthen defenses. "You need to think like a hacker," he said, further emphasizing the value of penetration testing and proactive threat hunting to anticipate and counteract potential breaches.
Franks concurred, adding that a layered defensive strategy is essential. He highlighted the critical role of inventory management and patch management as foundational elements of a solid defense. "If you don't know what you have, you can't protect it," he said, adding that multifactor authentication no longer is optional but rather is the bare-minimum requirement in today’s threat environment.
Both Osborne and Franks emphasized that while it’s impossible to prevent all cyberattacks, the goal should be to make it as difficult and costly for attackers as possible; a well-protected system may convince them to move on to easier targets.
When asked what keeps them up at night, Franks pointed to complacency amongst public-sector organizations when it comes to cybersecurity, while Osborne pointed to the potential for nation-state-sponsored cyberattackers to exploit vulnerabilities in public-sector infrastructures, possibly disrupting critical services on a national scale. Their insights underscore the urgent need for proactive, well-funded, and continuously evolving cybersecurity strategies.
Tomorrow, we present day two of CAPS 2024. We hope to see you then — I guarantee that you’ll find it time well spent.
Glenn Bischoff is MCP’s content specialist.