This content is written by Jim Richberg, the public sector CISO for Fortinet.
If you’re involved in cybersecurity, you don’t need a crystal ball to know that attacks are going to continue in 2022. And as someone who works in a government agency, you have data and assets that malicious cyber actors, ranging from sophisticated and potentially state-sponsored groups to criminals, will go to great lengths to get. According to a report from FortiGuard Labs on the threat landscape, threats may come from nation-states, from proxy actors working on their behalf or from criminal groups or syndicates that are becoming more organized and sophisticated than ever. Dealing effectively with this broad array of potential threats requires a broad spectrum of cybersecurity capabilities and replacing a ‘moat and castle’ defense mentality with the principle of zero trust.
Deception technology has also emerged as one of the best approaches to deal with the increasingly sophisticated and stealthy nature of cyber attacks against government targets. Using a collection of digital decoys and honeypots, deception technology works to both help detect stealthy intruders (or malicious insiders) and confuse and slow their progress within the network. It can help organizations discover intruders before they can do much damage and can help network defenders assess the tactics, tools, and motive of the intruder by watching and recording their actions.
The bottom line is that subpar cybersecurity on government networks puts the data of its citizens and potentially essential services at risk. As you work to plan for the upcoming year, you should pay special attention to these three trends in 2022.
1. The Digital Attack Surface Will Increase
Agencies are working to expand their networks to accommodate work-from-anywhere (WFA), remote learning, and new cloud services, and each of these initiatives gives malicious cyber actors new areas to exploit. Attackers are now moving beyond simply targeting an organization’s core network to exploiting the extended network edges, including data and resources located in multiple clouds.
This expansion of the digital attack surface means government agencies should move away from traditional perimeter-based security and implement zero-trust security sooner rather than later. Instead of relying only on VPN technology, agencies should move to zero trust network access (ZTNA) and multifactor authentication solutions to secure remote access. ZTNA offers least-privilege access, which grants access to only the resources users need to perform their jobs and nothing else, enhancing security at the application level. Agencies should also consider secure software-defined wide area networking (SD-WAN) solutions for security and WAN path control at the branch edge, and so that they can dynamically segment their networks, restricting an intruder’s access to data and limiting their lateral movement within the network.
2. OT Attacks Will Rise
Today, more and more government facilities incorporate green building technology and smart building automation for public health and other purposes. All of these Internet-of-Things (IoT) devices and sensors mean that the need to secure operational technology (OT) is more critical than ever. Because of the convergence of IT and OT networks, some attackers have been able to compromise IT networks by getting to them through OT devices ranging from video cameras to office equipment, and potentially even through IoT devices in the home networks of remote users.
Although attacks on OT systems used to be the domain of specialized threat actors, tool and exploit kits are available for rent or purchase on the Dark Web. To launch an attack, malicious cyber actors no longer need advanced skill; all they need is money. Even worse, most OT and IoT devices were not designed with security in mind and cannot be upgraded or patched.
Because of the difficulty in securing OT devices, agencies can focus on solutions such as ‘virtual patching’ to address exploitable vulnerabilities at the point where these OT devices access the network, and can implement zero trust to limit the devices’ access and privileges, just as in the case of users.
3. Malicious Actors Will Use Artificial Intelligence
Deep fake technology uses artificial intelligence (AI) to mimic human behavior, and it is being used more often to enhance social engineering attacks. It’s easier than ever to create a deep fake using freely available content generation tools that can generate output that is so good it can even fool experts in AI. Government agencies continue to face problems with phishing, particularly with so many employees working remotely. In 2022, malicious actors will continue to work to steal identities and address books, but they may also take information from email inboxes and outboxes that an AI tool can use to mirror the writing style and syntax of a sender and tailor the contents for each recipient. This ability to rapidly and easily tailor phishing email will make it more difficult to detect phishing scams by reducing the value of indicators users are taught to look for like awkward language or unsolicited email on odd topics.
Government agencies should make sure they have advanced technologies like endpoint detection and response (EDR) in place. EDR solutions use behavior-based detection to examine the payload of an email. When used in combination with integrated threat intelligence, EDR can help agencies defend against threats in real time, blocking suspicious activity, quarantining infected devices, and potentially blocking malicious action such as ransomware before it can encrypt the victim’s computer.
Threats Will Continue in 2022
If there’s one thing we can be sure of, it’s that threats will continue to evolve in 2022. Cybercriminals often look for easy targets and vulnerable government networks. But government is also the target of more persistent and sophisticated attacks, potentially coming from both state-sponsored and criminal threat actors. Governments don’t have the luxury of lax security. They need to go beyond cybersecurity basics and use advanced EDR, deception technology, and zero trust security to thwart today’s faster and more damaging attacks.
By taking an integrated and automated approach to security, governments can better secure their valuable data. Because the location of these resources and the users are both changing, agencies need to update their security to meet these evolving needs. Security needs to be robust and consistent whether it’s on premises, in the cloud, or at the edge. Taking a security-driven networking approach and practicing strong and consistent cybersecurity hygiene are key to ensuring that government agencies can continue to operate safely and efficiently.