Key trends in federal cybersecurity investment

Is your agency prepared to detect and respond to a cyber event? 

Conduct a cyber tabletop training exercise each year and include multiple stakeholders from the start.

Large multiagency tabletop exercises have shown how preparation for a cyber response helps organizations enhance their cybersecurity posture. Including multiple groups, such as legal, public affairs and business units, into tabletop exercises is critical for success. 

Prioritize and implement a cyber supply chain risk management (SCRM) program – early detection of supplier risks will enable risk-informed decisions.

With continued federal government requirements for stronger SCRM, agencies must prioritize SCRM and establish programs to mitigate risk as supply chains are increasingly targeted by adversaries.

Cyber threat intelligence (CTI) programs are essential – actionable intelligence tailored to your agency needs.

CTI enables effective decision-making to mitigate information security risks​. CTI is not just an indicator of compromised feeds or detection signatures. It is a holistic program designed to inform information security risk mitigation and provides the foundation for threat hunting, controls design for defense in depth and other risk mitigation strategies.

Be prepared across all five pillars of zero trust – establish a security framework that covers all aspects of zero trust.

Zero trust frameworks and use cases vary by organization and function. EY teams are help multiple agencies focus on business and cyber use cases with zero trust solutions across the five pillars to include mapping to the DHS CISA Zero Trust Maturity Model.