While we may never know the full extent of the 2020 SolarWinds supply-chain compromise, the ramifications, which reached Fortune 500 companies and departments within the United States government, are still being felt. One result was that it prompted the Biden administration to issue an executive order to fast-track cybersecurity improvements across federal agencies: within 60 days each agency had to produce a plan for moving to a zero-trust architecture, and within 180 days agencies were to adopt multifactor authentication and encryption for data at rest and in transit.
Governments face unique challenges in securing their IT networks. That's as true here in Canada as it is in the United States. Canadian IT leaders have long known just how critical cybersecurity is to their ability to deliver services and maintain the public's trust. The challenge is that government IT networks are not just complex; they often contain sensitive data critical to economic or national security. This also makes them enticing targets for cybercriminals.
With all of this in mind, and amidst the growing number of high-profile cybersecurity breaches making headlines worldwide, it’s worth exploring the issues keeping federal IT leaders up at night and what can be done to address those concerns.
Challenge: Reducing network and security complexity
Network changes add complexity over time in the best of circumstances, and the events of the past 18 months have been exceptionally challenging. Organizations that had to shift their workforce to a work-from-home model because of COVID-19 are now trying to determine what work patterns and physical footprints will look like going forward. For many, a hybrid work model, with workers spending at least part of every week working from home, is going to be the new normal.
For those looking at hybrid or remote work options long-term, implementing strong security that complements that new strategy is crucial. The reality is that endpoints remain the most common initial infection point for organizations, and remote workers have become an enticing target for cybercriminals looking to exploit under-secured home networks as a way into the core network. So, in addition to traditional access controls and secure connections, organizations should focus on securing remote devices with behaviour-based endpoint security designed to automatically detect and defuse potential threats in real time, even on already infected hosts.
Because attacks like ransomware unfold in minutes, manual remediation isn't enough. Organizations must protect their endpoints by investing in endpoint detection and response (EDR) solutions that immediately detect suspicious processes and behaviours, including in-memory attacks, and respond in real time. When an EDR solution sees something suspicious, it should immediately contain the threat by blocking the offending process's outbound communications so it cannot reach a command-and-control server, and by denying it access to the file system to prevent data exfiltration, lateral movement, and ransomware encryption. It should then automatically investigate the event and either escalate the response by locking down affected systems and alerting users and system administrators or, if the activity proves benign, return the host to normal operation. That last step matters: behaviour-based rules will occasionally flag legitimate tools (a backup agent rewriting thousands of files looks a lot like ransomware), so the automation has to be able to back out cleanly as well as lock down. While patching and updating systems remains a critical component of any cybersecurity strategy, putting a plan in place for emergency, out-of-cycle patches is also vital, given the rate and speed of today's cyber attacks.
Another way government agencies can navigate uncertainty and boost protection is to find every opportunity to consolidate and automate their security architectures. A consolidation effort that integrates software solutions and lets critical security and networking functions operate as a unified system (an approach known as security-driven networking) can reduce costs and improve staff and resource efficiency. Some agencies, especially those with a widely distributed geographical presence, are taking advantage of security-driven networking approaches such as SD-WAN and SD-Branch to extend enterprise-grade connectivity and security to their remote offices. These capabilities have enjoyed dramatic growth in the private sector because of their cost and performance advantages, along with greater operational flexibility, and they are well suited to government agencies as well.
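To make the detect-contain-triage sequence above concrete, here is an added example (written for this article, not code from the original page or from any vendor's product): a minimal behaviour-based monitor that keeps a sliding window of each process's recent activity, trips on in-memory code execution or on a burst of renames to encrypted-looking file names, and emits the containment actions the text describes. All telemetry is constructed sample data; the field names, thresholds, extension list and the "svchost.exe in a Temp folder" decoy path are assumptions for illustration.

```python
"""Behaviour-based endpoint detection with automated containment.

Added example (not from the original article or any vendor product): a
minimal EDR-style rule engine that tracks each process's recent activity in
a sliding time window and, on a hit, emits the containment steps the text
describes (cut outbound network, deny file-system access, queue for triage).
All telemetry below is constructed sample data; field names, thresholds and
the decoy executable path are assumptions for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Dict, List, Optional

WINDOW_SECONDS = 10.0      # assumed sliding window per process
RENAME_THRESHOLD = 20      # assumed: encrypted-looking renames per window that trip the rule
SUSPICIOUS_EXTENSIONS = (".locked", ".enc", ".crypt")   # assumed ransomware-style suffixes

CONTAINMENT_ACTIONS = ["block_outbound_network", "deny_filesystem", "queue_triage"]


@dataclass
class Event:
    ts: float      # seconds since epoch (constructed)
    pid: int
    image: str     # path of the executable
    action: str    # "write" | "rename" | "connect" | "mem_exec"
    target: str    # file path or remote host:port


@dataclass
class Verdict:
    pid: int
    image: str
    reason: str
    actions: List[str] = field(default_factory=list)


class BehaviourMonitor:
    """Keeps a per-process window of events and evaluates rules on each new one."""

    def __init__(self) -> None:
        self._windows: Dict[int, deque] = defaultdict(deque)
        self._verdicts: Dict[int, Verdict] = {}

    def observe(self, ev: Event) -> Optional[Verdict]:
        # Once a process is contained, later events from it are already covered.
        if ev.pid in self._verdicts:
            return self._verdicts[ev.pid]
        window = self._windows[ev.pid]
        window.append(ev)
        while window and ev.ts - window[0].ts > WINDOW_SECONDS:
            window.popleft()          # expire events that fell out of the window
        reason = self._evaluate(window)
        if reason is None:
            return None
        verdict = Verdict(ev.pid, ev.image, reason, list(CONTAINMENT_ACTIONS))
        self._verdicts[ev.pid] = verdict
        return verdict

    @staticmethod
    def _evaluate(window) -> Optional[str]:
        # Rule 1: code executed from memory with no backing file (in-memory attack).
        if any(e.action == "mem_exec" for e in window):
            return "in-memory code execution"
        # Rule 2: mass rename/overwrite to ransomware-style extensions in the window.
        hits = [e for e in window
                if e.action in ("rename", "write") and e.target.endswith(SUSPICIOUS_EXTENSIONS)]
        if len(hits) >= RENAME_THRESHOLD:
            return f"{len(hits)} encrypted-looking file renames in {WINDOW_SECONDS:.0f}s"
        return None


def build_sample_events() -> List[Event]:
    """Constructed telemetry: a benign editor saving files and a ransomware-like process."""
    t0 = 1_700_000_000.0
    editor = r"C:\Program Files\Editor\editor.exe"
    decoy = r"C:\Users\alice\AppData\Local\Temp\svchost.exe"     # assumed decoy path
    events = [Event(t0 + i, 1337, editor, "write", rf"C:\Users\alice\Documents\report{i}.docx")
              for i in range(5)]
    # 25 documents rewritten with a .locked suffix within 2.5 seconds
    events += [Event(t0 + 0.1 * i, 4242, decoy, "rename",
                     rf"C:\Users\alice\Documents\report{i}.docx.locked") for i in range(25)]
    # ...then the process tries to phone home (TEST-NET-3 documentation address)
    events.append(Event(t0 + 3.0, 4242, decoy, "connect", "203.0.113.7:443"))
    return sorted(events, key=lambda e: e.ts)


def run_sample() -> Dict[int, Verdict]:
    """Feed the constructed events through the monitor; return verdicts keyed by pid."""
    monitor = BehaviourMonitor()
    flagged: Dict[int, Verdict] = {}
    for ev in build_sample_events():
        verdict = monitor.observe(ev)
        if verdict is not None:
            flagged[verdict.pid] = verdict
    return flagged


if __name__ == "__main__":
    for pid, v in run_sample().items():
        print(f"pid {pid} ({v.image}): {v.reason} -> {', '.join(v.actions)}")
```

The editor saving five documents never trips either rule, while the decoy process is contained on its twentieth rename, before its later connection attempt, which is why the "connect" event is already covered by the cached verdict. The `queue_triage` action is where the benign-versus-malicious decision the text describes would happen; a backup agent would hit the same rename rule, which is the reason containment must be reversible.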
Challenge: Protecting the hybrid cloud environment
The pandemic has also increased the government's focus on the cloud. Many of Canada's 300,000 federal public servants are still working remotely, and some will do so at least part of the time into the future. But because each home office acts like a mini "branch" of the network, this increase in the number and complexity of network edges provides an ever-expanding attack surface for cybercriminals.
Government agencies that use multiple cloud platforms or software-as-a-service solutions, such as productivity and collaboration applications, also need a consistent, easy-to-manage cloud security strategy that brings network and application security together as a unified solution. Those controls must adapt to changing requirements and scale to meet the growing demand for agility, innovation, and a better user experience.
Solutions designed for dynamic cloud security can secure applications and connectivity from the data centre to the cloud, and they should extend visibility and control across the entire multi-cloud infrastructure through a single pane of glass so that risk can be managed effectively. This central point of orchestration and management enables organizations to gain broad visibility and define consistent cybersecurity policies throughout the entire environment.
At the same time, organizations should establish a zero-trust access (ZTA) strategy that includes segmentation and micro-segmentation. Security needs to be end-to-end, following data and applications wherever they are located rather than being tied to a traditional perimeter that grants trust based on whether something is "inside" or "outside" the network. ZTA restricts user and device access to specific resources based on contextual information, such as a user's role, the type and security posture of the device being used, or even when and from where a connection is made, and it evaluates every request on that context rather than trusting a connection because it originates on the internal network.
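The contextual access decision described above, as an added example (written for this article, not code from the original page or from any product): a small policy engine that grants or denies access to a network segment based on role, device posture, time and source country. The roles, segment names, business hours and country lists are assumptions for illustration. Note that the request context records whether the client is on the office network but no policy rule ever reads it, which is the zero-trust point in code.

```python
"""Context-aware zero-trust access decisions.

Added example (not from the article or any product): a small policy engine
that decides whether a request may reach a network segment from the request
context the text lists (role, device posture, time, location) and never from
whether the client happens to sit on the office network. Roles, segment
names, hours and countries are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Context:
    user: str
    role: str                # assumed roles: "clerk", "dba", "payroll-admin", "contractor"
    device_managed: bool     # enrolled in the agency's device management
    device_patched: bool     # passed the posture check at connect time
    mfa_satisfied: bool
    country: str             # geolocation of the source address (ISO code)
    hour_utc: int            # hour of the request, 0-23
    on_office_network: bool  # true when the source is a corporate subnet; logged, never trusted


# Segment -> requirements (assumed). There is deliberately no "on_office_network"
# key: network location is carried in the context for audit logs but grants nothing.
POLICY = {
    "payroll-db": {
        "roles": {"dba", "payroll-admin"},
        "managed_device_required": True,
        "hours_utc": range(12, 24),       # assumed business hours expressed in UTC
        "countries": {"CA"},
    },
    "intranet-wiki": {
        "roles": {"clerk", "dba", "payroll-admin", "contractor"},
        "managed_device_required": False,
        "hours_utc": range(0, 24),
        "countries": {"CA", "US"},
    },
}


def decide(ctx: Context, segment: str) -> Tuple[bool, str]:
    """Return (allowed, reason). Every check must pass; the first failure is the reason."""
    rule = POLICY.get(segment)
    if rule is None:
        return False, "default deny: unknown segment"
    if not ctx.mfa_satisfied:
        return False, "multifactor authentication required"
    if ctx.role not in rule["roles"]:
        return False, f"role {ctx.role!r} is not permitted on {segment}"
    if rule["managed_device_required"] and not (ctx.device_managed and ctx.device_patched):
        return False, "a managed, fully patched device is required"
    if ctx.hour_utc not in rule["hours_utc"]:
        return False, "outside permitted hours"
    if ctx.country not in rule["countries"]:
        return False, f"source country {ctx.country} is not permitted"
    return True, "allow"


def run_samples() -> Dict[str, Tuple[bool, str]]:
    """Constructed requests showing that network location alone decides nothing."""
    # A DBA on a managed, patched laptop at home in Canada during business hours.
    remote_dba = Context("bob", "dba", True, True, True, "CA", 14, on_office_network=False)
    # The same DBA at a desk in the office, but on an unmanaged personal device.
    office_byod = Context("bob", "dba", False, False, True, "CA", 14, on_office_network=True)
    # A contractor in the office trying to reach payroll, which their role does not permit.
    contractor = Context("eve", "contractor", True, True, True, "CA", 14, on_office_network=True)
    return {
        "remote_dba -> payroll-db": decide(remote_dba, "payroll-db"),
        "office_byod -> payroll-db": decide(office_byod, "payroll-db"),
        "contractor -> payroll-db": decide(contractor, "payroll-db"),
        "contractor -> intranet-wiki": decide(contractor, "intranet-wiki"),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in run_samples().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```

The remote DBA on a healthy managed device is allowed into the payroll segment while the same person at an office desk on an unmanaged laptop is refused, and the contractor in the building reaches only the segment their role permits. Real deployments re-run this evaluation continuously during a session rather than once at connect time, and a posture change (patch level dropping, device leaving management) should revoke access the same way.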
Challenge: Staying current in a rapidly evolving landscape
Nation-state actors and other cybercriminals are constantly evolving their techniques and growing more sophisticated in their attacks. While the private sector is most often targeted for financial gain, federal agencies are typically targeted for data theft, which can be harder to detect because nothing is visibly broken or held for ransom. And unlike most private-sector organizations, government networks are routinely targeted by nation-states and politically motivated attackers with deep pockets and near-limitless resources. Because these adversaries often target critical infrastructure, as several recent high-profile attacks in the US show, protecting against them is vital to national security and a well-functioning civil society. Yet governments must also deal with fixed budgets, competing priorities, and protracted procurement processes, restrictions that can leave cybersecurity measures lagging behind both the market and determined adversaries.
For that reason, it's worth exploring options for designing and implementing an advanced threat detection strategy. Given the speed and complexity of modern cyber threats, security teams must be able to detect and respond to an event before the attacker reaches their objective. To compensate for limited security staffing and ensure a quick response, teams should also explore ways to integrate AI-driven automation into their tooling to further improve speed and efficiency.
COVID-19 demonstrated how governments could continue to seamlessly provide services, even in the face of a global crisis. As we continue to learn from the events of the past 18 months while operating in an increasingly dangerous cyber environment, putting a focus on integration, efficiency, and foresight will pay dividends for government agencies and their security teams for years to come.