Four steps to build cyber resilience in the public sector

Nation-state-sponsored cyber attacks pose an ever-present risk to the public sector. But in a year when more than fifty countries are heading towards high-profile elections, it is more important than ever that democratic countries strengthen their defenses against malicious actors. With a recent and urgent warning from GCHQ highlighting the severity of modern geopolitical cyber risk, strengthening cyber resilience should be a top priority for the public sector. The security and operational success of government organizations are increasingly in the public eye. As a result, threat actors know that the national and reputational damage of a successful attack is significant, which gives them ample leverage for extortion. But while financial gain may be what attracts ransomware groups, nation-state attackers will see an opportunity to cause devastating disruption and undermine national security. It may sound obvious, but every provider of critical national infrastructure must have a clear understanding of the threat.

Mark Jow

Technical Evangelist for EMEA at Gigamon.

Worryingly, there is a common misconception that threat actors must use highly sophisticated hacking techniques to break into networks, when in reality it is simple blind spots that let them in. The weakest point of an organization's defense is almost always its own people. Attackers often gain their first foothold in a corporate network through social engineering, tricking staff into running malware or entering their credentials on a fake login page. The problem is exacerbated by hybrid cloud environments, in which users reach corporate and cloud-hosted systems from personal devices or over unsecured networks while away from the office. Nation-state actors have the resources and the time to find critical vulnerabilities, so proactively strengthening defenses is crucial.

There are four steps that governments and public sector organizations can implement to increase their cyber resilience:

1. Reduce inherent trust

Because people are the main entry point into networks, the first step in any security strategy should be to reduce inherent trust wherever possible. This puts organizations on the path to Zero Trust, in which every access request is verified rather than assumed legitimate, allowing them to mitigate risk by identifying suspicious access and preventing the escalation of privilege.

Before changing their security strategy, organizations must identify their crown jewels. Whether these are operationally critical servers, sensitive data, or both, access should be limited to the specific individuals who need those resources. All government organizations should also enforce multi-factor authentication (MFA) at every access point, adding a much-needed extra layer of defense. The recent Change Healthcare breach in the US, in which compromised credentials for an account that was not protected by MFA were used to gain access, should mark a turning point in bringing MFA to every organization.

2. Practice defense in depth

Securing endpoints is not enough, especially for government organizations. A layered approach to security is essential so that if one barrier fails, threat actors cannot simply walk through the gate and roam freely across the network. A true Zero Trust strategy applies defense in depth through multiple policies, tools, and processes that go beyond perimeter and endpoint detection tools. Micro-segmentation is a crucial part of this: it splits the network into smaller zones with access controls at the boundary of each, so that security teams can see and control every move within the network. This is the first step toward visibility of lateral traffic and, combined with MFA at access points, hardens the network from within.

Building an IT environment with Zero Trust at its core not only creates a safety net but also improves security teams' ability to analyze and learn from each breach attempt. Detecting and responding to threats is critical in any security context, but for the public sector, being able to neutralize and analyze threats with minimal disruption should be the number one priority.
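The two steps above, reduced trust and micro-segmentation, come together in a single access decision: default deny, an explicit allow-list of segment-to-segment paths, least privilege on the crown-jewel resources, and mandatory MFA on the paths that reach them. The following is an added example written for this page, not code from the article or from Gigamon; the segments, roles, rules, addresses and sample requests are all constructed for illustration.

```python
"""Added example (not from the article): a minimal Zero Trust access decision.

Models steps 1 and 2: crown-jewel resources are reachable only by the few
roles that need them, MFA is mandatory for that access, and
micro-segmentation denies any segment-to-segment flow that is not explicitly
allowed. Segments, roles, rules and requests are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed network segments (micro-segmentation boundaries).
SEGMENTS = {
    "workstations": ip_network("10.10.0.0/16"),
    "admin-jump": ip_network("10.20.0.0/24"),
    "web-tier": ip_network("10.40.0.0/24"),
    "crown-jewels": ip_network("10.30.0.0/24"),  # e.g. a case-management database
}


@dataclass(frozen=True)
class Rule:
    src_segment: str
    dst_segment: str
    dst_port: int
    roles: frozenset  # roles allowed to use this path (least privilege)
    require_mfa: bool


# Constructed allow-list. Anything not matched here is denied (default deny).
RULES = (
    Rule("workstations", "web-tier", 443, frozenset({"staff", "dba", "sysadmin"}), False),
    Rule("admin-jump", "crown-jewels", 5432, frozenset({"dba"}), True),
    Rule("admin-jump", "crown-jewels", 22, frozenset({"sysadmin"}), True),
    Rule("web-tier", "crown-jewels", 5432, frozenset({"svc-web"}), False),
)


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    mfa_verified: bool
    src_ip: str
    dst_ip: str
    dst_port: int


def segment_of(ip: str) -> Optional[str]:
    """Return the segment an address belongs to, or None if it is unknown."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def evaluate(req: Request) -> Tuple[bool, str]:
    """Decide a single access request. Returns (allowed, reason)."""
    src_seg, dst_seg = segment_of(req.src_ip), segment_of(req.dst_ip)
    if src_seg is None or dst_seg is None:
        return False, "deny: endpoint outside every known segment"
    path = f"{src_seg}->{dst_seg}:{req.dst_port}"
    candidates = [r for r in RULES
                  if (r.src_segment, r.dst_segment, r.dst_port) == (src_seg, dst_seg, req.dst_port)]
    if not candidates:
        return False, f"deny: no rule permits {path} (default deny)"
    for rule in candidates:
        if req.role not in rule.roles:
            continue
        if rule.require_mfa and not req.mfa_verified:
            return False, f"deny: MFA required for {path}"
        return True, f"allow: {path} for role {req.role}"
    return False, f"deny: role {req.role} not permitted on {path}"


# Constructed sample requests, including the failure modes the text warns about.
SAMPLE_REQUESTS = (
    Request("alice", "dba", True, "10.20.0.5", "10.30.0.10", 5432),       # legitimate admin path
    Request("alice", "dba", False, "10.20.0.5", "10.30.0.10", 5432),      # same user, no MFA
    Request("bob", "staff", True, "10.10.7.21", "10.30.0.10", 5432),      # staff straight to crown jewels
    Request("bob", "staff", True, "10.10.7.21", "10.10.7.40", 445),       # workstation-to-workstation SMB
    Request("carol", "sysadmin", True, "192.168.1.5", "10.30.0.10", 22),  # unmanaged source address
)


def decide_all(requests=SAMPLE_REQUESTS):
    """Evaluate every sample request; returns (user, allowed, reason) tuples."""
    return [(r.user, *evaluate(r)) for r in requests]


if __name__ == "__main__":
    for user, allowed, reason in decide_all():
        print(f"{user:6} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

Only the first request is allowed. The same administrator without MFA, a staff workstation reaching for the database directly, one workstation opening SMB to another (the classic lateral-movement path), and a request from an address outside every managed segment are all refused, each with a reason a SOC analyst can act on.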

3. Address blind spots and leverage real-time network intelligence

Achieving complete network security goes beyond access control: the network must also be secured from the inside. Organizations must actively look for and address blind spots and work to achieve full visibility into every corner of their network. With the growing proliferation of public and private cloud environments, blind spots are most commonly found in East-West (lateral) and encrypted traffic. So it is imperative that security leaders in government organizations deploy tools that provide not only network-level intelligence but also full visibility into the data and activity on their networks. By achieving this level of deep observability, security teams can eliminate critical blind spots, shed light on every dark corner of their networks, and uncover threats hidden in encrypted traffic.

4. Optimize the tool stack rather than consolidating it

The proliferation of tools should be a concern on every security leader's mind, but consolidating under one vendor isn't always the best path forward. Instead, security teams should focus on ensuring their tools work efficiently and fit the specific needs of their organization, shifting the focus from consolidation to optimization. It's not about having all the tools, but about having the best tools that together cover all assets and data. This again comes back to having full visibility into network traffic, whether lateral or encrypted. Security teams should fine-tune the data fed into their tools, as not all network traffic needs to be decrypted or sent to every single tool.

Organizations can use tactics such as application filtering and deduplication to manage their traffic effectively and direct it to the right tools while maintaining adequate visibility. Application filtering separates traffic into high and low risk by recognizing 'trusted' application signatures, so that only high-risk traffic is decrypted and inspected. Deduplication ensures that a packet captured at several points in the network is forwarded to the tools only once, rather than once per capture point. Both tactics can significantly increase the tools' efficiency while maintaining the visibility needed to keep the network secure.
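To make the two tactics concrete, the following added example (written for this page, not Gigamon's or the author's code) models a small traffic broker in front of two tools. Packets captured at two tap points are deduplicated within a short time window, each TLS flow is classified by the server name in its ClientHello, and only flows that are not on a trusted list are handed to the decryption tool, while every flow still reaches the metadata tool. The tap names, addresses, server names and payload hashes are constructed sample input.

```python
"""Added example (not from the article): packet deduplication and
application filtering in front of security tools.

Captures from several tap points contain copies of the same packet;
deduplication forwards each packet once. Application filtering classifies
each TLS flow by its server name (SNI) and sends only flows that are not on a
'trusted' list to the decryption tool, while every flow still reaches the
metadata tool. Tap names, addresses, SNI values and hashes are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DEDUP_WINDOW_S = 0.5  # copies of a packet seen within this window are duplicates

# Constructed allow-list of application signatures treated as low risk.
TRUSTED_SNI_SUFFIXES = ("windowsupdate.com", "update.microsoft.com", ".example-cdn.net")


@dataclass(frozen=True)
class Packet:
    pkt_id: int
    ts: float            # capture timestamp (seconds)
    tap: str             # capture point
    src: str
    dst: str
    sport: int
    dport: int
    sni: Optional[str]   # TLS server name if this packet carries a ClientHello
    payload_hash: str    # stands in for a digest of the L4 payload


def dedup(packets: List[Packet]) -> Tuple[List[Packet], int]:
    """Forward each distinct packet once; copies within the window are dropped.
    A genuine retransmission outside the window is kept so tools still see it."""
    last_seen: Dict[tuple, float] = {}
    unique, dropped = [], 0
    for p in sorted(packets, key=lambda q: q.ts):
        key = (p.src, p.dst, p.sport, p.dport, p.payload_hash)
        prev = last_seen.get(key)
        if prev is not None and p.ts - prev <= DEDUP_WINDOW_S:
            dropped += 1
            continue
        last_seen[key] = p.ts
        unique.append(p)
    return unique, dropped


def flow_key(p: Packet) -> tuple:
    """Direction-independent 5-tuple so both halves of a conversation share a key."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)


def is_trusted_sni(sni: Optional[str]) -> bool:
    return bool(sni) and sni.endswith(TRUSTED_SNI_SUFFIXES)


def route(packets: List[Packet]) -> Dict[str, object]:
    """Return which packet ids go to which tool after dedup and filtering."""
    unique, dropped = dedup(packets)
    flow_sni: Dict[tuple, str] = {}
    for p in unique:                      # learn the SNI from each flow's ClientHello
        if p.sni:
            flow_sni.setdefault(flow_key(p), p.sni)
    metadata, decrypt = [], []
    for p in unique:
        metadata.append(p.pkt_id)         # every flow stays visible to the metadata tool
        if not is_trusted_sni(flow_sni.get(flow_key(p))):
            decrypt.append(p.pkt_id)      # only untrusted or unclassified flows are decrypted
    return {"metadata": metadata, "decrypt": decrypt, "dropped_duplicates": dropped}


# Constructed capture: three flows from one workstation, seen at two taps.
SAMPLE_PACKETS = [
    # Flow A: update download, trusted SNI, every packet captured at both taps
    Packet(1, 0.000, "core-tap", "10.10.5.7", "198.51.100.20", 51000, 443, "download.windowsupdate.com", "a1"),
    Packet(2, 0.002, "dc-tap",   "10.10.5.7", "198.51.100.20", 51000, 443, "download.windowsupdate.com", "a1"),
    Packet(3, 0.050, "core-tap", "10.10.5.7", "198.51.100.20", 51000, 443, None, "a2"),
    Packet(4, 0.052, "dc-tap",   "10.10.5.7", "198.51.100.20", 51000, 443, None, "a2"),
    Packet(5, 0.100, "core-tap", "198.51.100.20", "10.10.5.7", 443, 51000, None, "a3"),  # server reply
    Packet(6, 0.101, "dc-tap",   "198.51.100.20", "10.10.5.7", 443, 51000, None, "a3"),
    # Flow B: same workstation to an unknown TLS server
    Packet(7, 0.200, "core-tap", "10.10.5.7", "203.0.113.9", 51001, 443, "cdn-update.example.org", "b1"),
    Packet(8, 0.203, "dc-tap",   "10.10.5.7", "203.0.113.9", 51001, 443, "cdn-update.example.org", "b1"),
    Packet(9, 0.250, "core-tap", "10.10.5.7", "203.0.113.9", 51001, 443, None, "b2"),
    # Flow C: East-West connection to a database segment, no TLS ClientHello seen
    Packet(10, 0.300, "dc-tap", "10.10.5.7", "10.30.0.15", 51002, 5432, None, "c1"),
    Packet(11, 2.400, "dc-tap", "10.10.5.7", "10.30.0.15", 51002, 5432, None, "c1"),  # retransmission
]

if __name__ == "__main__":
    print(route(SAMPLE_PACKETS))
```

On this input the broker drops four duplicate copies, keeps the late retransmission in flow C because it falls outside the window, sends all seven remaining packets to the metadata tool, and sends only the unknown TLS flow and the unclassified East-West flow to the decryption tool. The trusted update flow is never decrypted, which is exactly the saving the text describes, while its metadata remains visible.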

Conclusion

The evolving cyber landscape and the growing threat from nation-state attackers create a complex environment for government organizations to navigate. Securing operations against attacks is no easy task, but it is critical and must be informed by real-time, network-based intelligence to ensure all blind spots are addressed before they can become critical incidents.


This article was produced as part of TechRadarPro's Expert Insights channel, where we profile the best and brightest minds in today's technology industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
