How has the cybersecurity landscape changed for government agencies?
The pandemic pushed the focus of cyber criminals onto “work from home” infrastructure as companies and governments moved their digital operations to the cloud and employees worked remotely. Today there are scores of new endpoints to attack, and state and local (S&L) government is a ripe target because of the lack of comprehensive security policies, the lack of funding for security initiatives, and fractured responsibility among federal, state, and local governments.
Here are some sobering statistics from the Verizon 2021 Data Breach Investigations Report: 85% of breaches involved a human element; 61% involved the use of unauthorized credentials; and phishing rose to 36% of breaches (up from 25%). Web application attacks made up 80% of attacks, and more than 10% of breaches involved ransomware, double the 2019 figure. Ransomware operators now target groups that can pay, and cryptocurrency has made every network a monetizable target.
Human negligence remains the leading cause of security breaches. Privilege abuse, configuration mistakes, and old, unpatched software, paired with ignorance of security policy, are common IT challenges. Bad actors are out there and will keep finding new ways to make money at our expense.
What are the most pressing cyber threats agencies should be preparing for?
Data security threats are even greater in government because of the precious information we store: Social Security numbers, birth certificates, driver’s license information; bank account and credit card information; and addresses for millions of people.
Attackers pose as government agencies in phishing campaigns to harvest data; these lures dupe citizens into believing an email or text came through official channels. Phishing is the key entry point for this type of threat. Failing to enforce separation of duties and least-privilege policies exposes more data once an attacker gains any foothold. Ensuring that your collaborative partners apply the same data protection policies helps prevent them from releasing your information to the wrong people.
You can minimize the effect of ransomware with a true business continuity plan, one that covers your key systems and the systems they depend on, so that if your systems are destroyed by malware you have an alternative system to operate. Be careful that the mechanism keeping the alternative systems current does not compromise them. Disk mirroring does not know what it is copying, so it will copy the encrypted data and the malware along with everything else. Transaction-based database replication is less likely to carry a “bad” item to your alternate site, and because it applies changes one transaction at a time, it gives you a point at which to stop applying them once you know when the compromise began.
How does the evolution of infrastructure from on-premises to cloud-first change the cybersecurity conversation?
When systems were on-premises, you had separation of the human administrators – servers, network, appdev, and database. Each group had total control of their area – some had gold images, some had policies, but generally policies were not shared or spread across groups.
In the cloud these become shared responsibilities, sometimes with the cloud provider added to the mix. It is important to maintain separation of duties and least-privilege access, because humans make mistakes and mistakes open security holes that cybercriminals exploit. The more elements one person can access, the more likely a mistake becomes, and the more damage that account can do if a cybercriminal takes it over.
Perimeter security is not sufficient; you need a 360-degree approach, core to edge, secure inside and out. Multi-factor authentication should be required on every device and account. Cloud also brings better automation, which can prevent mistakes and keep patching current without taking down critical systems.
Many breaches were preventable; for instance, a patch for the software existed but was never applied. Cloud automation and self-patching autonomous software can prevent this kind of breach. Many clouds also bring artificial intelligence, machine learning, and user behavioral analytics to the cyber game: bots against bots, the good guys against the cyber criminals.
Why is having a full end-to-end (data to the edge) approach to cloud optimal?
An organization’s security is only as strong as its weakest link – and that can be anywhere in the chain from data to edge, on-premises to cloud or multi-cloud. It’s important to secure all the components and be proactive. Security must be built in, not bolted on and that’s from policy to products. It needs to extend to partner agencies as well. Organizations must assume a “zero trust” architecture including their supply chain.
Automation and security assessments are critical tools that a cloud provider uses to keep humans from making mistakes. For example, with Oracle Data Safe you can evaluate the security risk of any Oracle database, in the cloud or on premises. With Maximum Security Zones and Cloud Guard, configurations are set and continuously checked so that nobody can violate security policy. Using automation prevents human error in deployment, and developers need to follow sound security principles in a typical DevSecOps environment.
Six action items to secure your infrastructure
Here are six ways to get started:
- Training and a consistent policy. Make sure that everyone in the organization understands the importance of security, policies and procedures that need to be maintained, and the outcomes if there’s a breach. If possible, ensure that external users such as constituents and vendors are a part of your training plan.
- Protect your key assets! Maintain a separation of duties at all levels, ensure encryption for all data, and enforce least privileged access at every layer.
- Automate whenever and wherever possible to reduce human error and to keep software patched to the current level. Leverage tools with artificial intelligence and/or machine learning, which can learn threat behaviors and how to defend against them. Human error is involved in more than 80% of breaches.
- Share best practices with other state and local governments. Leverage resources and benchmarking from the Multi-State Information Sharing and Analysis Center (MS-ISAC), NASCIO, the Department of Homeland Security, and others. Note that StateRAMP is being established to bring consistency to cloud deployments, similar to FedRAMP authorizations.
- Avoid complexity in monitoring and management – it is the enemy of cyber security. A unified view of security is required with all parties involved. This doesn’t mean a single product, but rather a comprehensive view of the security landscape. Security is a shared responsibility.
- Leverage the cloud for cost-savings and efficiencies so you have funds for new security approaches. This includes the ability to get immediate and cost-effective infrastructure for backups, disaster recovery, testing and patching. Such a security posture will help with ransomware attacks.
Remember not to take continuity of operations processes lightly – they can help combat ransomware and other cyber breaches. You also need to ensure that people, processes, and technology are part of an integrated plan. Ask yourself questions, and make sure you have the answers. Examples include:
- Do you have your data and ecosystem in another environment to continue operations?
- Is that environment secure? Can your people connect to that environment over the network? Have you included all related systems and connections?
- Is your data encrypted? Do the replicated systems move the malware as well?
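The mirroring caveat in the continuity plan above and the last question in this list (does replication move the malware as well?) are what a replication gate answers. What follows is an added example written for this page, not Oracle's code or any vendor's product: a Python script that fingerprints the source tree (hash and byte entropy per file), diffs it against the manifest of the last good sync, and refuses to copy to the alternate site when the change set carries ransomware indicators (mass rewrite, files turned into near-random bytes, originals replaced by a renamed copy, ransom-note-like files). The thresholds, the note-name patterns, the sample record files and the simulated attack are all constructed assumptions for the demonstration.

```python
"""Replication gate for a continuity site (added example, not Oracle's code).
Plain disk mirroring copies whatever is on disk, including files that ransomware
just encrypted; this gate blocks the sync instead so the alternate site keeps its
last good copy. Thresholds, note names and sample data are illustrative assumptions."""
import hashlib, math, os, shutil, tempfile
from pathlib import Path

ENTROPY_ENCRYPTED = 7.5     # bits/byte: text is ~4-5, ciphertext ~7.9
MAX_CHANGED_FRACTION = 0.5  # more than half the tree rewritten at once
NOTE_PREFIXES = ("readme", "how_to_decrypt", "decrypt", "restore")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally likely."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def build_manifest(root: Path) -> dict:
    """SHA-256 and entropy of every file under root, keyed by relative POSIX path."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            manifest[p.relative_to(root).as_posix()] = {
                "sha256": hashlib.sha256(data).hexdigest(),
                "entropy": shannon_entropy(data),
            }
    return manifest

def assess_changes(baseline: dict, current: dict):
    """Return (safe, findings); findings are human-readable strings."""
    findings = []
    changed = [k for k in baseline
               if k in current and current[k]["sha256"] != baseline[k]["sha256"]]
    removed = [k for k in baseline if k not in current]
    added = [k for k in current if k not in baseline]
    # 1. Mass rewrite: legitimate change is incremental, encryption is not.
    if baseline:
        frac = (len(changed) + len(removed)) / len(baseline)
        if frac > MAX_CHANGED_FRACTION:
            findings.append(f"{frac:.0%} of tracked files changed or vanished")
    # 2. Structured data turned into near-random bytes. A user who zips a file
    #    trips this too; the gate blocks for review rather than guessing.
    encrypted = [k for k in changed if baseline[k]["entropy"] < ENTROPY_ENCRYPTED
                 and current[k]["entropy"] >= ENTROPY_ENCRYPTED]
    if encrypted:
        findings.append(f"{len(encrypted)} files rewritten with high-entropy content")
    # 3. Originals gone, same name plus a new extension present.
    renamed = [k for k in removed if any(a.startswith(k + ".") for a in added)]
    if renamed:
        findings.append(f"{len(renamed)} files replaced by a renamed copy")
    # 4. Ransom-note-looking files dropped into the tree.
    notes = [k for k in added if os.path.basename(k).lower().startswith(NOTE_PREFIXES)
             and k.lower().endswith((".txt", ".html", ".hta"))]
    if notes:
        findings.append(f"ransom-note-like files added: {notes}")
    return (not findings, findings)

def replicate_if_safe(src: Path, dst: Path, baseline: dict):
    """Sync src to dst only if the gate passes. Returns (synced, findings, manifest)."""
    current = build_manifest(src)
    safe, findings = assess_changes(baseline, current)
    if not safe:
        return False, findings, baseline  # keep the last good copy and manifest
    shutil.copytree(src, dst, dirs_exist_ok=True)
    return True, findings, current

# Constructed sample tree and simulated attack so the scenario runs offline.
def make_sample_tree(root: Path, n: int = 8) -> None:
    (root / "records").mkdir(parents=True, exist_ok=True)
    for i in range(n):
        body = f"citizen record batch {i}\n" + "id,name,address,dob\n" * 50
        (root / "records" / f"part{i}.txt").write_text(body)

def simulate_ransomware(root: Path) -> None:
    """Encrypt even parts in place, rename odd parts to .locked, drop a note."""
    for p in sorted((root / "records").glob("part*.txt")):
        if int(p.stem[4:]) % 2 == 0:
            p.write_bytes(os.urandom(4096))
        else:
            p.with_name(p.name + ".locked").write_bytes(os.urandom(4096))
            p.unlink()
    (root / "records" / "README_DECRYPT.txt").write_text("pay to decrypt\n")

def demo():
    """A normal edit syncs; ransomware is blocked and the alternate stays clean."""
    work = Path(tempfile.mkdtemp())
    src, dst = work / "primary", work / "alternate"
    make_sample_tree(src)
    baseline = build_manifest(src)
    shutil.copytree(src, dst)
    with (src / "records" / "part0.txt").open("a") as f:
        f.write("appended 2021-06-01\n")
    synced_edit, _, baseline = replicate_if_safe(src, dst, baseline)
    simulate_ransomware(src)
    synced_attack, findings, _ = replicate_if_safe(src, dst, baseline)
    alt = build_manifest(dst)
    alt_intact = len(alt) == 8 and all(v["entropy"] < ENTROPY_ENCRYPTED for v in alt.values())
    shutil.rmtree(work)
    return synced_edit, synced_attack, findings, alt_intact
```

Running `demo()` replicates the ordinary edit, then blocks the sync after the simulated attack with four findings while the alternate site still holds eight plaintext files. The gate only addresses file-level mirroring; transaction-based database replication needs the point-in-time stop described in the answer above instead. Expect false positives from legitimate bulk jobs (archiving, re-encoding), which is why a block here should trigger a review rather than an automatic retry.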
Look for the “low-hanging fruit” to prevent ransomware; by that I mean a disaster recovery policy. Your security providers likely offer assessments that can help you identify weak points in your current environment and make recommendations for the future environment.
Finally, remember that cloud providers like Oracle fight cybercriminals every day, so let them fight for you, too!