Written by: Wissam Saadeddine, Infoblox
The public and private sectors have many differences, but they share one characteristic: cybersecurity threats. Both sectors feel the pain of an insufficient pool of trained and available security staff to hire, both are constant targets of phishing and related social engineering attacks, and both are trying to balance the three-pronged pressures of the pandemic, the relocation of employees to work-from-home status, and increased risks from attacks on cloud assets.
The following are the notable challenges for both the government and private sectors:
- Workers are being required to work from home with available resources
- IT and security staff must provide WFH employees with new equipment, which has major implications for IT budgets
- Users are connecting to government networks from untrusted and often compromised home networks
- Users are employing personal equipment and IoT devices that might not be secured to the agency’s security standards to connect to government networks and clouds
Attacks on government operations can potentially impact much larger groups of people than an attack on a corporation. Depending on the government entity targeted, the effect could reach critical infrastructure at all levels. COVID-19 has drained critical financial resources to fund purchases of hardware and software for newly displaced employees, plus expenses for significant increases in cloud services and, in some cases, a forced digital transformation from the on-premises data center to cloud-based assets; this is putting a strain on both financial and staffing resources.
From the citizenry’s perspective, the pandemic has opened the proverbial Pandora’s box: fake “official” websites devoted to COVID-19, misinformation from websites purporting to be the Centers for Disease Control and Prevention or other government and medical facilities, watering holes for malware, and ransomware attacks on hospitals delivered in emails purporting to contain information about COVID-19.
What can government agencies do to defend themselves against such attacks?
While the public and private sectors have some differences when it comes to issues such as disclosure and confidentiality, the fundamentals are the same. At the core is user education. Helping government employees understand good cybersecurity hygiene is essential. With the vast majority of office-based government employees working at home, agencies need to focus on the basics of identity management; implementing zero trust to protect networks from untrusted users, devices, applications, and network connections; and ensuring that data is protected from unauthorized egress and access.
For those governmental agencies without existing threat intelligence capabilities, now would be a good time to invest in a comprehensive program that includes a mix of traditional data feeds, specialized feeds focusing on the specific requirements of a given agency, an open-source intelligence (OSINT) feed, and greater emphasis on understanding the threat intel an agency is already generating from its existing SIEM and related log systems.
Government agencies should also take advantage of several emerging technologies to further enhance their existing security policies. For example, security orchestration, automation, and response (SOAR) enhances the speed and reliability of existing operations. For cloud-based operations, a cloud access security broker (CASB) is an on-premises or cloud-based security policy enforcement point placed between cloud service consumers and providers; it applies enterprise security policies as cloud-based assets are accessed.
Continuous management and monitoring add another dimension to protecting government networks. Because these networks are a key target of bad actors and nation-state cyber attackers, continuous monitoring is essential; any lapse, even a momentary one, can give attackers access to a system.