The rise in threat actor activity against federal agencies

Risk comes in many different forms in today’s digital world. All organizations must manage the growing business risks associated with a dynamic and complex attack surface and cybersecurity threats. For instance, prolific threat actors like the Lapsus$ cybercriminal group have caused catastrophic damage to some of the most sophisticated organizations. Recently, the group carried out a ransomware attack against the Brazilian Ministry of Health, compromising vital information systems that underpin the country’s national immunization program and digital vaccination certificates.

Lapsus$’s actions serve as a reminder that cybercrime spares no country or organization. This is especially true for federal agencies, as they face unique challenges defending the nation’s most critical assets against cyber risks.

A borderless world involves progressive thinking

The world of cybersecurity ten years ago, when physical boundaries and sparse digitalization functioned as barriers separating criminals from their targets, does not exist now. Both organizations and their attackers are borderless today. By the time threats are discovered, their effects are already detrimental. Therefore, federal agencies must adopt a more proactive cybersecurity stance.

The demand for vendor-based information security services and solutions from the U.S. government is expected to expand from $11.9 billion to $15.4 billion between 2019 and 2024, growing at a 5.3% compound annual growth rate. Organizations are either protected or prey based on the severity, frequency and sophistication of threats.

Improving cybersecurity for federal agencies

Federal agencies have many of the same difficulties as the private sector, such as segregated functions, fragmented infrastructures, decentralized processes, resource limitations and skill gaps. Large-scale breaches were made possible because top officials couldn’t keep up with the barrage of security incidents due to a sophisticated threat landscape, greater complexity and speed, and severe resource drain.

The Cybersecurity and Infrastructure Security Agency issued several new pieces of guidance this year. Most recently, Binding Operational Directive 23-01 mandates that federal agencies take necessary steps to improve their asset visibility and vulnerability detection capabilities in the next six months. However, it is neither simple nor quick to simultaneously establish cybersecurity perimeters around federal agencies and a centralized network to monitor them. Any service that touts itself as a cure-all is likely to be complicated and pricey, yet unable to fulfill its promise.

In 2023, we will see threat actors ramp up their attacks before new cybersecurity controls are implemented ahead of 2023 deadlines. This increase in attacks will likely come in the form of supply chain attacks as malicious actors seek to do their worst before they get caught. Instead of relying on mandates from the federal government that are years away, federal agencies must begin taking steps now to advance their security transformation. Here are two areas that will make those initiatives substantially more advanced:

  1. Focus on exposure risk

Two things are necessary for proactive cybersecurity: a thorough grasp of what must be safeguarded, and the ongoing intelligence required to anticipate possible attacks. Agencies can only put the best remediation procedures into place if they can see their entire attack surface, including the exposure points. Prioritization is difficult, and security professionals are overwhelmed with a constant stream of new vulnerabilities. Therefore, federal agencies must focus on which vulnerabilities are accessible to threat actors and can pose significant dangers to network assets rather than wasting important resources chasing after a massive volume of vulnerabilities.

  2. Introduce automation as table stakes

Federal agencies need to go beyond volume play and make cybersecurity investments that can effectively address a variety of concerns, as opposed to just adding human resources or tools to deal with every new threat. It is an undeniable fact that network complexity and the size of attack surfaces will increase over time, creating numerous security process gaps that can be easily fixed by leveraging automation. As data volume increases dramatically, automation will be required to keep security teams ahead of threat actors and decrease their need to hunt down every vulnerability manually.

The number of high-profile incidents over the last two years has made it clear how critical cybersecurity is to national security and economic health. Federal agencies must ensure a robust and cogent approach to cybersecurity preparedness, including a holistic focus on risk exposure, automated solutions and beyond.

Ed Mosquera is technical director at Skybox.

Copyright © 2024 Federal News Network. All rights reserved.
