Security solutions provider Norman has released a new white paper that identifies the problems federal government agency IT security teams are confronted with.
The paper, “The Last Line of Defense: The Role of Malware Collection and Analysis in Securing Federal IT Systems,” not only identifies the issues, but also provides some solutions for them.
Government organizations and their contractors are often the victims of advanced targeted attacks (ATAs) and advanced persistent threats (APTs). The information that’s stored in their networks is seen as a valuable loot by individual, nation-state and political actors.
The main problem of such organizations is that they do not only have to ensure that their systems are properly protected, but they also have to be in compliance with a number of regulations, such as the Federal Information Security Management Act.
“Ironically and somewhat counter-intuitively, time and effort spent ensuring that an agency’s network is in compliance with all regulations often competes with – and sometimes even takes time away from – attention to providing actual data protection using the very best tools, systems, and methods available,” explained Michael Rosen, the author of the paper.
The expert highlights the fact that compliance and best practices are not the same. That’s mainly because compliance requirements fall short of IT best practices.
While specific-industry best practices evolve at a rapid pace, it could take up to 3 years for legislation and regulatory changes to be made.
Organizations compliant with current legislation might be capable of defending themselves against common pieces of malware, but they don’t stand a chance against persistent threats and targeted attacks.
Norman is currently offering government agencies and qualified contractors free advanced malware risk analysis as part of a strategy to assist federal IT security teams in their efforts towards a real best practices approach.
The white paper is available here.