Three cybersecurity threats government should be preparing for

Cybercriminals are constantly looking to ply their trade and take advantage of any chink in a company’s defenses. However, those in the private sector aren’t the only targets.

Government and government agencies are increasingly being targeted by cybercriminals. Considering the amount of sensitive data governments handle, this is a concern that should be taken seriously as governments don’t have the liberty of overlooking high levels of risk.

“All of these threat actors look to exploit government organisations’ fragmented network perimeters, siloed networking and security teams, and aging legacy digital infrastructure that was stressed in supporting the pivot to remote work as well as broad technology changes such as 5G communications and edge computing,” explains chief information security officer of the public sector field and vice president of information security at Fortinet, Jim Richberg.

The VP and CISO has highlighted three key threats faced by governments today.

A growing attack surface

The pandemic has brought about a shift in how business is done not only in the private sector but the public sector as well. The push toward digital transformation has been seen in the public sector and this increases the potential attack surface available to ne’er-do-wells.

This push highlights the need to adopt zero-trust principles and architecture, widespread use of VPNs as well as multi-factor authentication. Importantly, special attention must be paid to how these principles are implemented.

“Zero Trust needs to be applied at a more nuanced level—by application—since access should not be evaluated and granted on a ‘one and done’ basis when a user logs on. This affords better protection to the organisation’s data and supports a ‘work from anywhere’ operating posture where the new normal may include users, data, and devices connecting in increasingly innovative and non-traditional patterns,” explains Richberg.

Operational attacks

The way in which networks allow for interconnectivity means that cybercriminals are able to leverage the often ailing security present in operational technology as well as the internet of things.

“Traditionally, attacks on OT [operational technology] systems were the domain of more specialised threat actors, but such capabilities are increasingly being included in attack kits available for purchase on the Dark Web, making them available to a much broader set of attackers and lowering the skill and expertise needed to launch such attacks. Many OT and IoT devices lack strong security and cannot be upgraded or patched, forcing organisations to be nimble and adopt methods such as virtual patching of such headless devices,” says Richberg.

“Using a layer of digital decoys and honeypots, deception technology helps conceal sensitive and critical assets behind a fabricated surface, which confuses and redirects attackers while revealing their presence on the network. Studies also suggest that, if an agency deploys deception technology, it doesn’t need to use it everywhere to reap the benefit — much as a home security sign both deters intrusion and affects how any would-be burglar proceeds if they do proceed to try to break in,” the CISO adds.

AI as a tool

With artificial intelligence finding its way into more areas of computing, it would be folly to assume that cybercriminals aren’t making use of the technology for nefarious purposes.

One of the more interesting ways AI is being used is to mimic the way employees might communicate with one another so that phishing emails are more successful.

“It is now possible to use such data to automatically generate phishing content that mirrors the writing style and syntax of a sender and tailors the content of each phishing email to topics they have already discussed with the target. Detecting phishing will no longer be a matter of looking for obvious indicators like bank scam subjects or awkward English usage,” says Richberg.

“Advanced technologies like endpoint detection and response (EDR) can help by identifying malicious threats based on behaviour, either of any executable code associated with that email (by running it in a virtualised sandbox), or based on malicious characteristics fed to the EDR engine from other sources of cyber threat intelligence. The speed of attacks is increasing, and EDR coupled with actionable and integrated threat intelligence can help agencies defend against threats in real time,” the VP adds.

Governments are traditionally slow when it comes to making use of new technology and Richberg states that governments will need to make use of AI and machine learning themselves to combat the surging tide of attacks.

“Threat actors and their attack methods are getting faster and more sophisticated, but by pursuing an integrated and automated approach to visibility and control, governments can better secure their assets. The challenge is that the location for these assets and the users and devices who need them is changing, and agencies must provide connectivity and security for on premise computing, in the data centre, in the cloud, or at the edge. Smart planning, doing the cybersecurity basics, and leveraging the increasing convergence of networking and security are keys to ensuring that organisations can operate efficiently and securely,” Richberg concludes.

There has been much talk about the fourth industrial revolution and smart cities locally but government has to make special considerations regarding cybersecurity.

We know that cybercriminals have targeted organs of state in the past and targeting them is only going to become easier as time wears on and new technology comes to the fore.
