Better prep for cyberattacks
By Tony Trama Aug 28, 2017
Many state and local government agencies have taken steps to address cybersecurity concerns, but too often those measures are insufficient or, worse, offer managers a false sense of security. In many cases, malicious code or a breach goes undetected for months because the agency has not implemented the tools and procedures that would have detected and mitigated those attacks. Many still rely on firewalls, signature- based detection and traditional antivirus products on their endpoints.
The constant pressure of limited budgets and fluctuating funding sources can be aggravating factors.
Government agencies are increasingly becoming targets for cyberattacks. In 2016, the Newark, N.J., Police Department was the victim of malware that infected several servers and prevented access to the department’s dispatching and crime data systems for three days. The police department got back online with the help of the city’s IT staff, the Essex County Prosecutor’s Office, the state police and the FBI.
In addition to attacks on law enforcement, critical governmental functions could be disrupted. State and local governments could see tax offices, municipally provided utilities, courts, and human resource and payroll systems compromised, to say nothing of the election infrastructure.
Nearly three-quarters of targeted entities learn of their breaches from an outside source such as the FBI. That sobering statistic underscores agencies' need to enhance their insight and reduce their response time from months to minutes.
A robust threat management strategy integrates multiple capabilities designed to blunt attacks before they breach the network perimeter. That holistic approach manages the overall health and security of the environment and mitigates threats posed by careless (or malicious) employees, hostile actors, organized large-scale attacks and other challenges.
The security protocol that assumes a breach has already occurred is taking hold among forward-thinking public- and private-sector organizations. The resulting heightened awareness ensures that security managers remain vigilant about what is going on “inside the walls” rather than focusing on defensive “moats and castles.” It will also enhance user awareness of and compliance with procedures that often go unheeded.
The following recommendations will help agencies as they move to a best-of-breed strategy:
Optimize security programs. Instead of managing for compliance and preparing for the next audit rather than the next attack, avoid catastrophic breaches by making defending the network a priority over “checking the box.” Use security intelligence and analytics tools to make real-time decisions.
Stop advanced threats. Consider implementing real-time prevention capabilities that can detect and block an attack at the network perimeter and endpoints and that will disrupt communications to a command and control server before significant damage is incurred. Become part of a security ecosystem by sharing threat and attack data with partners to improve advanced warnings. Use security analytics and make incident response a continuous closed-loop process. Exploit post-attack findings to prevent future incidents, and streamline the process with forensic and investigatory tools.
Identify and secure critical assets. Know where all sensitive information resides, including structured and unstructured data. Identify which applications access secure data, how that data is accessed and by whom.
Ensure that data is not over- or under-classified and that it meets the appropriate security frameworks (Health Insurance Portability and Accountability Act, Payment Card Industry Data Security Standard, General Data Protection Regulation, etc.). Consider implementing solutions that monitor database access, data integrity and data risk.
Secure cloud apps and mobile devices. Adopt a mobile device management strategy to deal with the proliferation of those devices. Choose a solution that allows you to decide which apps are installed, containerize apps and data, geolocate devices and wipe them if they are lost or stolen. Avoid the significant risks associated with “shadow IT” -- when users install solutions that they feel meet their needs even if IT managers have prohibited the practice -- by considering solutions that govern and monitor access to cloud- based resources via MDM so that you can manage and secure connectivity to the network from cloud-based platforms with easy-to-use portals.
About the Author
Tony Trama is director of security solutions at Micro Strategies.