FedInsight by Dell Technologies

Data protections, network isolation are keys to improving cybersecurity



About a third of all cyber incidents federal agencies faced last year were unknown or outside the typical spam, phishing or web authentication vectors.

The Office of Management and Budget says the prevalence of this attack vector suggests additional steps should be taken to ensure agencies appropriately categorize the vector of incidents during reporting.

While it may be a categorization issue, it also may be that the variety and volume of attacks are harder to identify and characterize.

The increase of cyber attack vectors over the last year of the pandemic was stunning.

Experts say ransomware attacks alone are up by nearly 500% since March 2020.

Other experts found that in 2020, 22% of data breaches involved phishing. A year later, that number increased to 36%.

And scammers are more successful, exfiltrating data or taking over systems 57% of the time, which is a 2% increase over the previous year.

In addition to the number of attacks increasing, researchers found that, on average, it takes 280 days to identify and contain a cyber attack.

All of these statistics, once again, prove just how difficult protecting systems and data continues to be.

Kevin McDonough, an advisory systems engineer at Dell Technologies, said there are things agencies can do to stay ahead of attackers, starting with using the right tools and having the ability to detect, and even predict, threats in real time.

“We just have to understand that everything is based on the value of the data. Everything’s about access and everything’s about availability. So as we extend out to the edge, we’re going to have exposures,” McDonough said on the Innovation in Government show sponsored by Carahsoft. “We have to understand that the critical data, the tier zero, tier one, foundational aspects of an organization is what we need to protect at the fullest.”

Protecting data becomes more important as the threat surface expands with remote work and devices at the edge.

McDonough said this is why agencies have to do more to protect against ransomware and the ever-present phishing attacks.

“Because money is so big, that’s where the bad actors are getting innovative, and once they get in, they’re getting really good at hiding, really good at staying under the radar, really good at understanding what tools the people that they are trying to attack use,” he said. “Above and beyond that, coupled with some of the things that just came out, like REvil ransomware that basically steals Windows credentials, so they’re in and can start doing what they need to do in terms of getting command and control and taking action on their objectives. Brute force attacks are another big thing. I tell the organizations the brute force attack will be 100% successful given enough time and given enough resources. Now we have nation states backing these advanced persistent threats so they’re able to check all those boxes.”

Despite the increase in ransomware, brute force and phishing attacks, McDonough said all hope is far from lost.

He said agencies and industry are getting better at identifying and stopping attackers earlier in the process.

“We have tools where, ultimately, because we’ve segmented the value of the data, we are preventing the adversaries from getting to command and control through isolation and through advanced mutability. At the end of the day, even if we haven’t patched anything, even if one of our users clicks on the wrong thing, we can stop every single attack at that command and control phase, which means the adversaries can never take action on their objectives, and we win,” he said. “To me, that is the good news instead of getting bogged down by the absolute complexity and the size of the issue. It really comes down to isolating your critical data, separating it from the network, making it a physical separation and then a logical air gap separation, so that we know that there’s no way the adversaries can get to that critical data.”

McDonough said agencies still need disaster recovery tools, data protection tools and other capabilities to reach that level of immutability that every organization must strive for.

“Having an area that’s isolated essentially is your oxygen environment that allows organizations to forensically eradicate those attacks without affecting the production environment,” he said. “Then you also will limit dwell time by the adversary. If you understand that attackers exist, understand that they are out there, then you have a way to be able to react to them. Securing your technology is doable. It is not all doom and gloom. We just have to understand that it’s not a matter of if but when the attacks will come and when they do, we have to be ready.”


About Dell Technologies

Dell Technologies services the federal government and supports their IT programs from system modernization to cloud integration. They empower countries, communities, customers and officials to serve the public with effectiveness and efficiency. Carahsoft is a Dell partner, and together they offer federal, state, and local government solutions on various contract vehicles to give you cost-effective products and services.

Copyright © 2024 Federal News Network. All rights reserved.
