Federal agencies and critical infrastructures have long been a focus of cybercriminals with varying motivations. Cybercriminals, hacktivists, foreign governments, and more target these agencies as a means of collecting personally identifiable information on citizens, accessing confidential government information, or to generally halt or disrupt daily government operations. Aside from cybercriminals with malicious intent, federal agencies are also susceptible to data leakage and threats carried out unknowingly by insiders, with 54 percent of respondents to a recent survey identifying careless employees as a top threat to government networks, as compared to foreign governments at 48 percent.
Even as federal IT leaders work to fortify their networks against cyberattacks, other issues such as legacy IT, and limited budgets, security resources, and IT personnel, especially those with cybersecurity expertise, have meant agencies still remain at risk of phishing and DDoS attacks, malware, ransomware, and more.
While cybercriminals continue to target federal agencies for the wealth of information they can provide, those organizations that fail to increase security controls and policies will face inevitable breaches from increasingly sophisticated attacks.
As we have recently seen, critical infrastructure is especially at risk of advanced threats, especially those attacks that leverage modern technology to more effectively locate vulnerabilities and then rapidly deliver multi-vector attacks that leave minimal response time for IT teams. Complicating things further, sophisticated botnets such as Reaper are also now leveraging automation and swarm technology to carry out attacks that can be updated with new vulnerabilities based on specific targets. In addition to sophistication, the modern threat landscape is also about just plain old volume. According to FortiGuard Labs’ recently published Threat Landscape Report for Q4 2017, attacks are also now occurring more frequently, up 82 percent per firm over the quarter before, while malware families and variants are up 25 percent and 19 percent, respectively.
As cybercriminals make their arsenal stronger, faster, and larger, most traditional security solutions and policies no longer provide sufficient protection at the federal level.
Lawmakers have long realized the risk to critical infrastructure and federal agencies that derive from outdated equipment and processes, and are taking steps to change that. In 2017, both the Modernizing Government Technology Act and the Cybersecurity Executive Order were signed in order to accelerate the modernization of both federal infrastructure and cybersecurity.
The Modernizing Government Technology Act will create a fund enabling agencies to retire legacy IT systems and pursue digital transformation. A strong emphasis is being placed on moving federal workloads to secure clouds and cloud-hosted applications, while also updating government applications. The Cybersecurity Executive Order also emphasizes the modernization of government technology as a means to enhance cyber defenses and make federal agencies less susceptible to advanced threats.
However, with the limited resources that many agencies have available, many are concerned that modernization without having the security tools in place designed to support these new deployments will actually exacerbate risks. A recent survey of IT decision-makers in the federal government showed that 66 percent cite IT modernization as a primary cause of increased security challenges.
To effectively modernize federal agencies while accounting for limited staff, modern network defenses must be deployed alongside and simultaneously with new IT investments. Integrated security solutions that utilize automation and machine learning ensure that risks are detected and mitigated in real time, while relying less on manual efforts from IT teams.
To that end, Fortinet has recently launched several new solutions that leverage automation and artificial intelligence which promise to usher in the next generation of cybersecurity. As federal agencies begin to modernize infrastructure, incorporating these solutions will ensure robust security that can seamlessly adapt as each new solution is adopted.
As federal agencies begin to modernize legacy IT infrastructure as a means to meet the demands of our emerging digital economy, they must also update their legacy security IT with solutions that can support these modern, distributed environments. Enhanced visibility, integration, and automation will be necessary to defend critical infrastructure from sophisticated attacks. These next-generation tools from Fortinet promise to secure IT modernization across federal entities.
You can read the full news releases announcing Fortinet’s FortiOS 6.0 and FortiGuard AI in our newsroom.
Read more about Fortinet’s solutions for Federal Agencies.