A Synack Perspective for the Public Sector
The public sector is feeling the squeeze between an increase in cyber attacks and a lack of additional resources to keep up. In a recent survey conducted on behalf of SolarWinds, public sector respondents reported that concern over ransomware, malware and phishing had increased the most over the previous year, but time to detection and resolution had not improved for the majority.[1] To bolster application security, the Office of Management and Budget (OMB) issued a memorandum directing agencies to identify critical software and implement the latest protections outlined by the National Institute of Standards and Technology (NIST). Another OMB memorandum presented a federal zero trust architecture (ZTA) strategy that requires agencies to meet specific cybersecurity standards and objectives by the end of FY2024.
These and other security mandates underscore heightened concerns about cyber attacks on governments, which are escalating due to several factors: an expanded attack surface (e.g., home and mobile workers); adoption of cloud computing; accelerated software development and deployment cadence; and a severe shortage of security professionals. Countering this threat requires a multi-pronged approach, including dedicated and continuous application security testing.