Nearly three-quarters of ESG survey respondents want more federal cyber security activity

ESG recently published a new research report titled “Cyber Supply Chain Security Vulnerabilities Within The U.S. Critical Infrastructure.” The report can be downloaded from the ESG web site: http://www.enterprisestrategygroup.com

As part of the survey, we asked respondents whether the US Federal Government should be more active with cyber security strategies and defenses. Most respondents believe that the answer is “yes”: 31% said that the US Federal Government should be “significantly more active with cyber security strategies and defenses,” while 40% believe that the feds should be “somewhat more active with cyber security strategies and defenses.”

Okay, but what exactly should the government do? ESG asked this question as well. Here are the results:

42% said, “create and publicize a ‘black list’ of vendors with poor product security”
42% said, “create better ways to share security information with the private sector”
39% said, “enact more stringent cyber security legislation along the lines of PCI”
39% said, “provide incentives (i.e. tax breaks, matching funds, etc.) to organizations that improve cyber security”
36% said, “amend existing laws to hold IT vendors liable for security problems associated with their products”
32% said, “enact legislation with higher fines for data breaches”
26% said, “limit government IT purchases to vendors that demonstrate a superior level of security in their products and processes”
23% said, “promote the use of FIPS-140 and common criteria certified products in the private sector”
23% said, “provide funding for cyber security funding and education”
22% said, “adopt and fund a public service campaign around cyber security education”

Interesting mix of carrot and stick suggestions.
I don’t think the IT industry would be too thrilled with “black lists” or changes in liability laws so expect lobbyists to push for federal incentives and programs.

One other interesting note here: Heavily regulated critical infrastructure organizations with the highest levels of security were most likely to push for more stringent regulations. It appears that something is lacking in current cyber security legislation that heavily regulated organizations recognize and want to change.