If past is prologue, 2024 will require federal agency technology staffs to work on several fronts to stay ahead of cybersecurity threats.
James Carnall, the head of cyber at Red River Technology, said that reaching a state of zero trust and enhancing cybersecurity generally will start with identity management.
“That’s an area where organizations have to really understand how to be much more sophisticated,” Carnall said.
A basic challenge in identity management comes from the ever more sophisticated design of phishing attacks.
“One of the biggest attack vectors is through phishing,” Carnall said. “Scams that allow people to get access, where they’re essentially socially engineering the individual to give access.”
He added, “Quite often, when we hear of hacks in a traditional sense, they’re not hacking the system as much as they’re hacking the process and the person. Identity has to be an area of focus this year, but we need to move much more quickly into a much more sophisticated identity protection capability.”
Carnall said that in doing so, organizations must not lose focus on the basics of good password management and multi-factor authentication.
Data also ranks high on Carnall’s list of cybersecurity priorities for 2024. Attackers want to reach data either because of the content itself or as a way of locking it up for purposes of extracting a ransom from the organization.
“What we’re seeing is very sophisticated targeting of individuals essentially with the goal of going after whatever the crown jewels are … which is data: who has access and where is it.”
Accelerating growth in data generation adds urgency to the data protection imperative, Carnall said. Security and network monitoring tools generate data constantly and hackers want such data because of the information it can yield about IT operations.
“But we [also] have customer data, we have transaction data,” Carnall said, and this data is also increasing from the deployment of digital services. “We’re all about collecting as much as we can and creating as much as we can,” he said.
“And obviously, in some cases artificial intelligence will be exploding the volume of information that’s being created,” Carnall said. “We need to classify it correctly, know where it is and know who has access to it.”
A third priority area for cybersecurity practitioners, Carnall said, stems from the growing complexity of the average agency’s infrastructure. Use of multiple commercial clouds, software-as-a-service and retention of government-owned computing facilities add up to complexity and a broad attack surface.
“A number of organizations out there are still looking to transition to cloud related infrastructure, hybrid cloud and other types of technologies that make the organization much more dynamic,” Carnall said. One aim is to “allow people to work from anywhere, to have whatever technology to access the network.” Remote access at scale, he said, adds to the zero trust architecture drive.
Carnall also pointed out what he called “exploding” numbers and types of end points connected to agency networks. That calls for technologies like secure access service edge, or SASE, and extended detection and response, or XDR, to monitor behavior and state of end points.
Dealing with identity management, data and infrastructure, plus continuing the thrust toward zero trust, makes for a solid agenda. Heading into 2024, Carnall said IT and cybersecurity people will need to apply their efforts to two sides of the cyber equation. On one side, cyber is a heavy compliance challenge, given the mandates in law and in Executive Order 14028 and, more recently, EO 14110 on artificial intelligence.
On the other side, agencies have an ongoing technology challenge in cyber with continual guidance coming from the Cybersecurity and Infrastructure Security Agency.
“It’s an extremely complicated problem,” Carnall said. “Am I managing to the auditor? Or am I managing to the adversary? We have to do both in security.”
Carnall said periodic monitoring for compliance and technical defense measures should be routine. He said many customers have turned to outsourcing of network and security operations centers.
“Think about it,” Carnall said, “there’s 168 hours a week, for 24/7. If I have somebody with some level of expertise, I need three to five people to cover that for the year, around the clock.” Multiply that by the number of skills needed, and “securing it or incident response is overwhelming for most organizations and agencies to handle.”
He added, “We can do it in a much more cost-effective way,” and the agency will “have a security team that can focus on higher priority issues.”
Copyright © 2024 Federal News Network. All rights reserved.