The public sector includes goods and services provided to the public through local, state, and federal government agencies. This sector is unique in both its access to resources and its cybersecurity needs. Recently, Public Sector Field CISO Jim Richberg shared some perspective about the current and future state of public sector cybersecurity.
Jim - The massive pivot to remote telework that began in March of 2020 broke the mold of how government services are delivered. Previously, government workers delivered services to citizens via face-to-face transactions in offices. Now, many government employees work remotely, providing digital assistance for citizens. Additionally, tools such as chatbots, intelligent agents, and other Robotic Process Automations (RPAs) are more common. This shift dramatically increases the size of the digital attack surface. Moreover, remote user environments do not have the same enterprise-grade security solutions as on-premise environments.
As government workers transitioned to remote work environments, cyber criminals and nation-state advanced persistent threat (APT) actors quickly followed. This led to the number of records exposed in public sector breaches roughly doubling in size last year. With the federal government, in particular, holding so many crown jewels in terms of data and services, it’s not a time to be complacent.
Jim - Expect 2021 to be the year of the hybrid—not the cars we drive when not in lockdown, but instead blended and hybrid activity by governments and, unfortunately, by threat actors. Remote work is here to stay, even if it’s not on the same scale as during the COVID-19 pandemic. Patterns of work are changing as RPA grows and intelligent automation looms. Expect threat actors to deploy multi-vector attacks, such as combining DDoS with phishing. These attacks may also have multiple impacts, as in the case of ransomware being combined with doxing. Mixed “best of breed” or “digital Frankenstein” attacks may come in the form of malware built by combining high-performing components of existing malicious software.
Though artificial intelligence (AI) and machine learning (ML), on balance, help cybersecurity defenders more than attackers, niches such as content generation for spear phishing potentially give the attacker an edge. For example, hybrid attack approaches leveraging AI can look at enough of your emails to mimic your syntax and style. But on balance, the network owner should have plenty of data at their disposal to know what is normal behavior and to use AI and ML to detect abnormalities. Intruders often try and fail repeatedly before succeeding in penetrating their target. Identifying evidence of those failures allows security professionals to see the as it happens and to essentially inoculate patient zero and everybody else in the enterprise at the same time.
Jim - Keep in mind that the public sector is not monolithic. It ranges from federal agencies with hundreds of thousands of employees to village governments with a handful of staff members. At the state and local level, one challenge is the need to do more with less. Resources diminished sharply as a result of the COVID-19 pandemic. At the same time, demand for services—often digital—accelerated.
For federal agencies in the USA, SUNBURST is a reminder that the United States government is a target of sophisticated nation-state APT actors. The activities of those actors can be difficult to detect or counter.
Jim - The public sector often lags in IT, but the indefinite continuation of remote telework means the home office edge will continue to be part of the threat landscape for government networks. RPA and intelligent automation add to this expanded edge, resulting in larger numbers of connections to disparate internal databases. Securing these new – and often vulnerable – connections is vital and should be prioritized.
IT and OT are also converging as enterprises attempt to save money and increase efficiency. This includes efforts such as smart building automation and connections between IoT devices and mission-critical devices, as well as external services. Because of this, the act of securing the OT edge has also grown more critical.
Jim - Serendipity played a role in the success of securing remote telework for many agencies. This success often depended on chance, based on where those agencies happened to be in their upgrade cycle and what technology choices they had made. However, the “If you can’t be good, be lucky!” approach shouldn’t replace smart planning.
Essential for government agencies moving forward is spending efficiently while doubling down on upgrades such as SD-WAN. Secure SD-WAN helps save money, increase both IT and security staff efficiency, improve the user experience, and enhance security, productivity, and resilience. This is critical considering how the COVID-19 pandemic demonstrated the need for continued government services even when employees and citizens go into lockdown.