Government cybersecurity specialists are on the front lines of our nation’s infrastructure defense. Every day, public sector security officers face new attack vectors that seek to infiltrate and cause damage to the systems and networks that keep our nation running. Government cybersecurity teams don’t have the luxury or opportunity to get it wrong when it comes to cyber defense. That’s why cyber resilience is so critical.
Contrary to what many originally believed, cyber resilience isn’t about creating an impenetrable barrier; the key to resilience is the mitigation of risk and the ability to respond, which involves various tactics. Agencies must consider how they identify and determine where risk is and then position themselves to act on it intelligently to keep systems up and running to support the agency mission and constituents.
However, regardless of the technology an agency uses, the integration of solutions makes cyber resilience difficult. Combining different IT tools inevitably creates holes in the defense network: the same integration of the various technologies on the market today that builds resiliency into your agency’s infrastructure also creates unavoidable gaps. This has really changed the way government looks at resilience, evolving from a blocking approach to a strategy that constructs policies around loss and risk prevention with the acknowledgement of holes in the system.
Even with these gaps in mind, agencies have been doing the right things to stave off threats and develop their resiliency plans. Parallel to developing agile and adaptable infrastructure, organizations are deploying key, innovative strategies to become more resilient:
- Validating Credentials
Agencies are becoming more effective at identifying users who enter their environments with valid credentials. Even given all the zero days and the adversaries that threaten us, it’s really the misuse of valid credentials that creates the most havoc in an agency’s environment. Whatever the entryway may be – phishing attacks, ransomware, or some other means – security teams are sharpening their skills when it comes to identity management and validation.
- Examining Traffic
The second part of this resiliency strategy is to monitor the use of identity and valid credentials while tracking them across the entire environment. IT shops must determine the appropriate access provisioning for different levels of users across all parts of their networks. The next part of this is to look at which types of technologies are in the network and how traffic is flowing. Moreover, it’s important to know how outside devices are communicating with devices in the network to get a better handle on defending the integrity of all the traffic.
- Protecting the Data Center
Putting a protection capability around the data center helps agencies provide continuity of service to employees and citizens. Deploying a solution that has intelligence features also helps security teams know how and where data moves, identify what that content is, protect it, and ensure it doesn’t get into the wrong hands.
Perhaps one of the biggest questions for agencies developing resiliency strategies is how to take all these tactics and protections and scale them to every functional area they have to worry about. Before, IT teams focused on endpoints, networks, and data centers; today, experts are concerning themselves with social media, cloud, and multi-tenant environments. There is so much to watch and defend that agencies must develop a strategy around each aspect of the infrastructure.
By developing strategies around credential validation, traffic patterns, data centers, and scaling, agencies are better enabled to determine the best products to put in place and decide how they’re going to automate and integrate these capabilities. If you don’t have a strategy and you don’t choose solutions that ease integration with each other, then the already unavoidable gaps can grow even wider.
As your agency builds a plan around cyber resilience, it’s important to understand that the touch points you have in your network today are going to evolve and expand continuously. In the future, we may see devices compromised in ways we could never imagine; we may have people hack into video data and edit it; we could see images disappear from documents. We see many things that could change content and devalue trust in the information that’s stored within an agency. With all this in mind, it’s more critical than ever for agencies to design strategies for resiliency, close gaps, and get ahead of the threat curve.
To learn more about securing government systems effectively now and into the future, check out the Symantec Internet Security Threat Report.