Cyber threats are evolving at a rapid pace. Recent ransomware incidents have made large waves around the world. At the same time, there have been a steady stream of attacks on U.S. infrastructure. According to the U.S. Computer Emergency Readiness team, recent intrusions into critical infrastructure systems, including the business systems of U.S. nuclear power companies, are part of an ongoing multi-stage campaign that targets smaller and less secure networks to gain lateral access to larger systems. Not surprisingly this comes on the heels of another report which stated a Ukrainian power outage appears to have been a “proof of concept” of the malware that caused it.
Meanwhile, the Internet of Things and Bring Your Own Device policies are placing more devices onto potentially unprepared networks. Historically botnets have taken advantage of these security gaps. Last year, over 27% of organizations experienced a security incident where mobile devices played a key role.
As the threat landscape changes, government agencies need new strategies for protecting their data and managing their risk profiles.
Adopt a New Approach to Cybersecurity
How convenient would it be if there was one tool that addressed every cyber threat? Unfortunately, the increasing number of attack vectors means that government agencies need a portfolio of tools. Agency budgets haven’t increased to allow for more human resources, so the best tools are those that free up time for existing security teams to manage a greater volume of threats.
Tracking trends in a constant stream of threats consumes team resources day-to-day and makes it difficult to prioritize. When agencies implement new safeguards, they should look for tools that automate routine tasks and proffer high-level insights to how attackers threaten their networks. These tools should have an ability to show agencies where they’re most vulnerable. For instance, if a majority of intrusion attempts come from phishing emails, that insight allows savvy security teams to invest more time into securing their email domains and less time investigating the type of attack.
Automate the Tedium
With more data becoming actionable threat intelligence, teams are better positioned to understand the obstacles they face. With the right tools, better understanding leads to a reduction in detection and response time, should an attack occur.
Automation helps by taking over tasks related to lower-order threats, so that security staff are free to concentrate on higher-order vulnerabilities. For instance, teams can create a closed-loop process between detection and removal, allowing for high-volume threats, such as pesky phishing emails, to be blocked automatically by the security infrastructure.
Automated systems can also be set to monitor and flag packages for severe threats. Based on specified policies, human administrators will be notified when there’s a concern. This frees the security team from tedious work, allowing it to dedicate more time to critical tasks.
Look for Promising Integrations
Agency networks will only grow and become more complex over time. Trends toward the Internet of Things and Bring Your Own Devices mean more devices joining agency networks, making mobile device security a critical piece of modern cybersecurity efforts.
Adapting to these and other changes requires agency leaders to grasp the big picture, so they can manage threats and mitigate risk long term. To help achieve a reliable high-level view, there are tools that allow agencies to holistically assess risk, monitor for threats in real-time, examine trends and orchestrate system-wide threat responses.
For example, as part of a larger Adaptive Response Initiative, ForeScout’s device-monitoring solutions readily integrate with Splunk, creating a collaboration that contextualizes evolving threats.
For more on how to orchestrate information sharing and automate workflows among disparate security and IT management tools, visit www.forescout.com