The impact and rate of cyberattacks on government and critical infrastructure IT systems have accelerated over the past several years. Malware inserted into software platforms and widely distributed to customers; ransomware attacks that take down hospitals and local governments; hacks endangering water systems are just a few examples showing that our vital systems are under attack.
At Geek Week—a FedInsider Carahsoft Tech Leadership SLED three-day webinar series—thought-leaders from the government and contracting community focused on ransomware, supply chain hacks and zero trust within the cyber threat environment and ways to respond and protect their most valuable assets, data and IT systems, more effectively.
Ransomware
The three-day webinar series began with examining state and local governments’ fight against ransomware attacks. According to the Verizon Data Breach Incident Report 2022, 80% of attacks on public sector systems were financially motivated, and 78% of the breaches came from outside the network. With the increasing frequency of these attacks, many states are passing legislation banning state agencies from paying ransomware; therefore, many state and local leaders must strengthen and broaden their defenses and mitigation strategies. One of the most concerning trends in ransomware is attackers destroying data in frustration, whether that is due to lack of payment or trouble getting through the defenses. Large organizations are still struggling with siloed data systems. This, paired with the more frequent ransomware attacks, has caused a more complex and slow-moving process towards protecting against cybersecurity risks.
Ransomware can be examined in two different phases: pre-alert and post-alert. In the past, ransomware has always been reactive rather than proactive. States focus on recovery and resilience as they update their disaster recovery plans, looking to buy ransomware insurance and updating their cloud for faster and better recoveries. Organizations have started implementing user training and running phishing exercises to increase awareness about the risk of suspicious links and attachments. There has also been a surge in multifactor authentication alertness. State and local government agencies need to establish response and contingency plans that are well documented, and test run those plans so that teams are apt when an attack happens.
There is an increasing reliance on technology for the operations and critical services that state and local government agencies provide. While there are many advantages to those services, there is also an increase in their potential attack surface. As more government agencies are adopting new technologies, they tend to outsource these services to various vendors in the cloud instead of operating the servers on their own premises. While this outsourcing shift cybersecurity risks, many agencies do not have solid protections in place. Industry vendors have exerted more effort into ransomware including online resources sharing best practices, vulnerability scanning, web application scanning and phishing campaign assessments at no cost.
Supply Chain Hack
Another cybersecurity concern state and local governments must address is supply chain hacks. All states have security measures in place to protect their own data and systems. But cybersecurity threats and attacks against governments have increased. Cybersecurity professionals throughout all levels of government and the private sector are painfully aware of the risks to their own networks posed by third parties with authorized access—but have insufficient security measures of their own. By hacking into supply chains, attackers gain access to company data, as well as the ability to breach other customers networks, disrupting workflow and attacking their network.
It is imperative that the whole of government approach cybersecurity with the understanding that every public and private agency has a shared responsibility to ensure security through centralized cyber operations. Securing the supply chain requires that agencies understand what has access to their enterprise networks, including any remotely connected devices, mobile devices and the devices of any business partners, vendors and other counties that may connect.
The first critical step in modernization is how agencies are doing discovery, that includes active, passive and automated discovery. Agencies need to collect all asset inventory into a repository, and then enrich that asset inventory with the Software Bill of Materials (SBOM) to understand what software is and should be running on the network. Lastly, agencies need to ensure that software updates are tested to understand behaviors of those new updates and validate them before they are scheduled to update all the devices on the network. Automation and machine learning play a significant role in making that process more efficient by identifying baseline software behavioral characteristics and detecting anomalies.
Zero Trust
One of the most recent and trending topics in cybersecurity is how state and local governments are moving towards zero trust for their IP and networking environments. The federal government is well ahead of state and local governments in the implementation of a zero trust architecture because of the White House Executive Order on Cybersecurity last year; however, state and local agencies predict a similar shift. 67% of state CIOs who responded to the 2021 Annual State CIO Survey anticipate that introducing or expanding a zero-trust framework will be a higher priority in the next two to three years. AI system administrators work to protect and lock down servers and workstations within their domain, while still allowing access to legitimate users; however, with the increase in remote workers, todays security stance is trust nothing and verify continuously.
Zero trust is not new. Now the focus is to build on what already exists and establish a secure network environment across all devices, applications and components regardless of source or location. Agencies must look at their environment to identify their most sensitive data and protect that aspect of their critical infrastructure. Auditing the organization and performing risk analysis is the first step to achieve zero trust maturity. Looking at the Pillars of Zero Trust, agencies must secure endpoints, secure applications, secure the data, secure the network and secure the infrastructure, whether it is on-premise or cloud based.
While these steps increase the complexity of rolling out zero trust, agencies can begin to manage and understand their environment, understand what their data is, how sensitive it is and create a blueprint to navigate around cloud-based services to move toward more efficient and secure deployment.
All these areas are imperative concerns to government agencies and require active engagement to secure the nation’s networks, data and infrastructure. State and local agencies must continue to mature their cybersecurity environment and educate their teams as they keep up with emerging headlines in cybersecurity.
Visit Carahsoft’s cybersecurity solutions portfolio to learn how our dedicated team specializes in providing Federal, State and Local Government agencies and Education and Healthcare organizations with security solutions to safeguard their cyber ecosystem.
*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at Cyber Geek Week 2022.*