Wayne Lewandowski, vice president of federal business at Thales e-Security, has said he believes the U.S. government should shift cybersecurity spending from endpoint or network security to enterprise-wide protection of possible targets such as data.
The report, prepared by Thales e-Security and 451 Research, also revealed that only 25 percent of federal agency respondents believed there were no identified breaches or intrusion in their networks — the lowest among all sectors surveyed.
“We’re still seeing a significant investment in network security and endpoint security as a way of solving the problem and quite frankly that’s not where the issue is,” Lewandowski noted in the interview.
“We have to make the assumption that the adversary is in our network and has accelerated their ability to gain higher levels of access to privileged user accounts,” he added.
Lewandowski told the station he observed attackers are more interested in monetizing exfiltrated data, such as personally identifiable information, than carrying out nationwide attacks or breaches of that nature.
He said insider threats and attacks can be mitigated through access controls, proper key management and encryption, which can reduce privileged users’ operating space without impacting their effectiveness.