Government agencies have long been the target of cybercriminals. While motivations may vary, cyber criminals, hacktivists or foreign governments target this sector to collect personal information on citizens, access classified or confidential government information or disrupt and even halt the day-to-day operations.
As a recent Threat Landscape Report reveals, today’s cybercriminals are evolving across the kill chain, creating more ways to exploit, weaponize and control networks while continuing to leverage legacy cyberattack methods. In order for the public sector to properly address both new and old threats, it’s vital that agencies maintain proper security hygiene.
The introduction of new technologies like cloud-based storage, internet-of-things devices, software-as-a-service adoption and mobile devices into existing networks facilitates government’s digital transformation. While these additional capabilities and devices provide numerous benefits to a network, it should come as no surprise that they also introduce new vulnerabilities as well. Our research shows, for example, that in 2018 cybercriminals have been continually probing networks for any signs of IoT vulnerability.
Though the digital transformation signals a shift away from traditional network architecture, many agencies and departments are still operating with siloed infrastructure. The Modernizing Government Technology Act aims to address this by creating a fund that helps federal agencies retire siloed legacy systems while they pursue digital transformation. Agencies, however, are still limited in their capacity to identify and address threats, manage operations and enact networkwide system controls.
For some time, agencies have struggled with performing real-time, accurate threat identification across the network. While most government cybersecurity efforts can effectively address long-term threats with multiple-day attack capabilities, the need for real-time threat identification is becoming more urgent. In fact, in the first quarter of 2018 alone FortiGuard Labs found more than 6,500 unique exploits across various industries. What’s potentially more concerning is that we’ve also seen the market for zero-day exploits dramatically increase across white-hat, grey-hat and black-hat markets.
The importance of cybersecurity hygiene
With nations making headlines for alleged attacks on federal infrastructure, the disruption of the opening ceremony of the 2018 PyeongChang Olympics and the damages left in the wake of the SamSam and WannaCry ransomware attacks, government agencies have good cause to focus their cybersecurity attention toward large-scale threats. Yet agencies also cannot afford to be distracted from maintaining consistent, effective cybersecurity hygiene.
While the risk of large-scale threats is very real and comes with serious consequences, over-defending against these kinds of threats is akin to locking the windows but leaving the front door open. Without strict security hygiene, agencies run the risk of providing cybercriminals with enough attack vectors to exploit vulnerabilities — with or without zero-day exploits. In fact, researchers from the Online Trust Association concluded that 93 percent of cyberattacks across industries in 2017 could have been prevented had routine scans and patches been implemented. That’s why hygiene must be included in cybersecurity plans.
Proper cybersecurity hygiene goes beyond simply patching, however. For our recent report, we measured the persistence of botnet infections over the course of several days. The results indicate that proper security hygiene isn’t just about staying on top of patching but also includes being able to effectively clean up following successful attacks. Of the botnet infections we looked at, more than half were cleaned up the same day, but at the other end of the spectrum, about 5 percent managed to linger within a network for more than a week.
Maintaining effective cybersecurity hygiene
The need for government agencies to maintain effective security hygiene cannot be overstated. When IT professionals ensure that there is a day-to-day cadence for maintaining effective security hygiene, security posture within the agency dramatically increases. Furthermore, security hygiene limits the effectiveness of socially engineered phishing scams and accidental insider threats.
To help ensure security hygiene is being maintained, consider the following:
Identify and inventory key vulnerabilities. By focusing on the areas that harbor the most collective vulnerability, IT teams can both proactively address the vulnerabilities and prioritize their security hygiene efforts to more effectively mitigate those vulnerabilities.
Harden endpoints. New technologies and applications added to agency networks should meet basic security requirements and undergo routine scans to detect malware.
Network segmentation. Segmenting a network will help mitigate the damage from a successful attack and shorten the time it takes IT personnel to contain and eliminate network infections.
Track a wider scope of threats. While it makes sense to monitor high-priority threats, maintaining broader threat tracking and analysis allows IT professionals to better identify security hygiene weaknesses.
Merge network components into a security fabric. Combining various elements of a network into a security fabric centralizes and simplifies security and threat analysis. It also lets IT personnel to identify and address cyber threats from a central hub instead of managing fragmented point product solutions.
Government will always be a prime target. To help mitigate the risk of a successful attack, agencies should maintain and consistently update their cybersecurity hygiene. The best practices listed above will help make effective security hygiene possible without compromising defenses against high-priority threats.
Aamir Lakhani – Fortinet