Elevating State and Local Government Services in California Through Transformative Technology

State and Local Government agencies are constantly seeking ways to improve their services and processes to better serve their constituents and must embrace new technologies, prioritize cybersecurity and ensure data privacy to achieve this goal. These important topics were discussed by Government IT and industry leaders at the Carahsoft Digital Transformation Roadshow in San Jose, California. Speakers covered how to implement emerging technologies, enhance customer experience and protect constituents’ privacy and security through innovation, artificial intelligence (AI), cybersecurity and data privacy solutions.

Innovating Service Delivery to Constituents

Using advanced technologies can significantly elevate service delivery to constituents in several ways. Firstly, it can enhance the speed and efficiency of Government services, allowing constituents to access information and services more quickly and easily. Secondly, advanced technologies improve the accuracy and quality of Government services through data analytics that help identify patterns and trends, reduce errors and improve outcomes. Finally, advanced technologies increase transparency and accountability, allowing constituents to track the progress of their requests and hold agencies accountable for their actions.  

State and Local agencies are often faced with a lack of resources, making it imperative to leverage new technologies and processes to save time and money. The updated systems must also be secured to protect their constituents’ data which requires significant planning, resources and collaboration to achieve successful implementation. Additionally, agencies must ensure that any changes they make comply with legal and regulatory requirements, such as data privacy laws and accessibility standards.


AI is just one of the technologies that has enabled agencies to streamline processes and upgrade service offerings to constituents. Adopting such technologies has allowed faster and more efficient interactions with constituents, improving customer service and satisfaction. Integrating AI for real-time data analysis has also helped agencies make informed decisions and respond promptly to community needs.

Assessing the Impact of AI

Generative AI is a type of AI that creates new content, such as images, video and text, based on patterns learned from the data it was trained on. By studying generative AI, State and Local agencies can develop policies and guidelines for its responsible use, including measures to prevent the creation and dissemination of harmful or misleading content.

Additionally, studying generative AI helps Government agencies identify potential applications for this technology that can benefit society, such as creating realistic simulations for training purposes or prompting new scientific discoveries. By understanding the potential benefits and risks of generative AI, agencies can make informed decisions about incorporating this technology in their operations.

If leveraged for services and processes, AI could provide many benefits to State and Local agencies through several means:

  • Chatbots and Virtual Assistants: handle citizen inquiries, provide information about Government services and assist with simple transactions.
  • Data Analysis and Predictive Modeling: analyze large volumes of data to identify patterns and trends, enabling State and Local agencies to make data-driven decisions in areas such as public safety, resource allocation and urban planning.
  • Automation of Routine Tasks: automate repetitive and time-consuming data entry and document processing, freeing up employees to focus on more complex and high-value activities.
  • Fraud Detection and Prevention: detect and prevent fraudulent activities, such as tax evasion and benefit fraud, thereby safeguarding Government resources and taxpayer funds.
  • Accessibility and Inclusivity: improve accessibility for individuals with disabilities by providing speech-to-text and text-to-speech capabilities, as well as other assistive technologies.

Cybersecurity and the Current Threat Landscape

State and Local Government agencies play a crucial role in national security, and their systems and data must be protected to prevent potential vulnerabilities that could be exploited by malicious actors. The current threat landscape includes sophisticated cyber threats such as ransomware, phishing attacks and advanced persistent threats. Robust cybersecurity measures are necessary to defend against these evolving threats and prevent disruptions to Government services.

State and Local agencies often handle sensitive citizen data, including personal, financial and health information, so they must maintain strong cybersecurity and data privacy to uphold the public’s trust and confidence. Adhering to the data protection regulations that apply to them, such as the Health Insurance Portability and Accountability Act (HIPAA) and, for data on people in the EU, the General Data Protection Regulation (GDPR), helps agencies preserve the integrity of Government operations.

Several agencies have successfully implemented cybersecurity and data privacy measures:

  • Multi-Factor Authentication (MFA) to strengthen access controls and protect sensitive systems and data from unauthorized access.
  • Data encryption to protect sensitive information both at rest and in transit.
  • Incident response planning to effectively address and mitigate cybersecurity incidents.
  • Compliance with data protection regulations such as HIPAA, GDPR and the Payment Card Industry Data Security Standard (PCI DSS).
  • Cybersecurity training and awareness programs to educate employees about cybersecurity best practices, phishing awareness and the importance of data privacy.
  • Collaboration and information sharing with other agencies, law enforcement and cybersecurity organizations to stay informed about emerging threats and best practices in cybersecurity.

The path to elevating State and Local Government services requires a strategic incorporation of transformative technologies, notably AI, cybersecurity and data privacy. Leveraging advanced technologies can enhance interactions with constituents, fostering efficiency and transparency. Amidst resource constraints, agencies must implement AI solutions while also prioritizing robust cybersecurity measures. Agencies must navigate digital transformation with responsibility, ensuring the delivery of efficient, secure and privacy-focused services, thereby forging a future where technology elevates governance while upholding public trust.

Explore more resources and learn more about Carahsoft’s State and Local Roadshow Series: Digital Transformation by visiting our Roadshow portfolio.

EdTech Talks: A Comprehensive Look at Security in Education for Safe Learning Environments

Emerging technologies today are providing K-12 schools and higher education institutions with the capabilities to support seamless and secure campus efforts, which ensures protection of academic environments as well as students, faculty and staff. Remaining vigilant, versatile and adaptable in the current education landscape, especially when it comes to security and student safety, are the most important considerations for education leadership when deciding what new solutions and integrations to incorporate into their schools.

Carahsoft’s annual EdTech Talks Summit brought together industry and education thought leaders to explore three tactical learning tracks: safety for the learning environment, the impact of technology on student growth and development, and modernizing education with artificial intelligence (AI) and machine learning. During the first day’s discussion, speakers provided insights into building safe learning settings with a comprehensive look at both cyber and physical security in education.

Analyzing Current Security Risks

Education institutions face a myriad of cybersecurity challenges such as ransomware, third-party access to school systems, internal bad actors and stolen credentials. One of the most impactful weaknesses is a lack of security awareness across school communities. For example, a user who cannot recognize a phishing text message, such as one claiming an account has been frozen and asking the recipient to click a link, may put both their own data and their school’s data at risk of exposure.

While cybersecurity is one of the most important aspects of cultivating a successful learning environment, it is just as important to consider physical security. Building and campus surveillance, visitor management, lockdown and fire drills, and active shooter and crisis management are among the ways schools provide physical security for students and staff. With so many aspects of security to manage, schools must also balance being open, inclusive and engaged with their communities and culture, which expands learning opportunities, against protecting against threats on limited budgets.

Protecting Against Cyber Threats in the Modern World

For improved security, educators and industry leaders must collaborate to take proactive measures to safeguard digital infrastructure, data and physical campuses. The best place to start is by ensuring the fundamental standards of cyber defense are in place, functioning properly and are continuously monitored and modernized. This includes solutions and processes such as:

  • Utilizing multi-factor authentication (MFA) whenever possible
  • Email security and phishing protection to reduce exposure to ransomware
  • Maintaining a high standard of digital hygiene through services such as patching and vulnerability management
  • Creating robust and resilient backup strategies for all data at endpoints and in the cloud
  • Performing recovery testing to ensure backups and other operations are working accordingly
  • Providing resources and trainings to engage with school communities to raise awareness of ways students and teachers can defend themselves against physical and cybersecurity threats
  • Implementing a “see something, say something” mentality across school communities to ensure all potential risks are reported and mitigated
  • Hiring IT staff and educators who are passionate about the security and safety mission set forth by an institution and allow them to provide new ideas and innovation
  • Investing in quality cyber insurance to protect institutions against setback from a ransomware attack
  • Conducting frequent audits to ensure schools’ systems comply with the latest policy requirements and standards, so that coverage holds if a claim must be made

Security Implementation for Institutions

Industry and education experts alike understand the importance of providing a safe space for all students, whether inside schools or online, and continuously aim to make sure their experience is as productive and valuable as possible. Particularly within higher education, many universities and colleges have individual point solutions that they have integrated into their systems to solve very specific problems, creating a disconnected mixture of security infrastructure. Security must be designed with students in mind and a way that provides optimal learning, collaboration and inclusion—technology can help achieve this imperative goal.

As Government and education sectors continue to move toward cloud environments, managing a multitude of products and solutions becomes cumbersome and makes security difficult to govern. Consolidating products to increase visibility, automation and agility is key to transforming the current infrastructure and producing actionable insights.

Visit the EdTech Talks Conference Resource Center to view panel discussions and other innovative insights surrounding security, AI and student success from Carahsoft and our partners.


About Carahsoft in the Education Market  

Carahsoft Technology Corp. is The Trusted Education IT Solutions Provider™.  

Together with our technology manufacturers and reseller partners, we are committed to providing IT products, services and training to support Education organizations.  

Carahsoft is a leading IT distributor and top-performing E&I Cooperative Services, Golden State Technology Solutions, Internet2, NJSBA, OMNIA Partners and The Quilt contract holder, enhancing student learning and enabling faculty to meet the needs of Higher Education institutions.  

To learn more about Carahsoft’s Education Solutions, please visit us at http://www.carahsoft.com/education

To learn more about Carahsoft’s Cybersecurity Solutions, please visit us at https://www.carahsoft.com/solve/cybersecurity

Securing the Digital Workplace: Microsoft 365 Identity Management for Public Sector Leaders

Zero Trust is a critical focus for public sector organizations as they navigate today’s evolving digital workplace and cybersecurity landscape. But one issue is emerging as increasingly troublesome: insider threats.

The 2022 Cost of Insider Threats: Global Report found that incidents involving insider threats surged 44% over the past two years. Some of these threats are malicious insiders seeking to misuse their authorized access for personal gain or harm, but many are the result of cybercriminals exploiting weaknesses in how identities are managed to enter your environment. These criminals use tactics like compromised credentials – the leading cause of data breaches – as well as phishing scams and social engineering to impersonate identities and gain unauthorized access.

To effectively counter these increasingly sophisticated threats, organizations must strengthen identity management. When executed properly, identity management not only enhances the security of your digital workplace but enables a Zero Trust strategy.

Let’s discuss what identity management is, how to build a comprehensive strategy in Microsoft 365, and how it can fortify your Zero Trust deployment.

What is Identity Management?


Identity management establishes and manages the digital identities of anyone entering your environment – from employees and contractors to guest users. Identities could refer to people, but they could also be services or devices entering your environment.

Identity management enables organizations to implement robust access controls, granting privileges based on roles – which is why identity management is an integral piece of Zero Trust. Without it, you will have no way to verify users and devices are who they say they are, let alone establish proper privileges and access, which are key Zero Trust principles.

When done effectively, identity management provides the right access to the right individuals at the right time for the right reason. This process not only improves your security posture, but can streamline user access, reduce administrative overhead, and help you better meet your compliance obligations.

Building Identity Management in Microsoft 365

When building your identity management strategy in Microsoft 365, remember these three basic elements: identify, authenticate, and authorize.

Here’s how to get started:

  • Identify: The backbone of identity management in Microsoft 365 is Azure Active Directory (Azure AD, now Microsoft Entra ID). Azure AD provides a cloud identity for users, groups and resources. It is where you build out your users’ identities and control access to internal and external resources, such as your intranet or Microsoft Teams. Its Identity Protection capability uses Microsoft’s machine learning models of typical user and tenant behavior to flag sign-ins and accounts whose risk falls outside the norm, triggering the next steps of the process.
  • Authenticate: Multi-factor authentication (MFA) is today’s gold standard for authenticating identities. There are a variety of methods, from smart cards and FIDO2 security keys to one-time passwords; phishing-resistant methods should be preferred wherever users can support them. Microsoft’s Authenticator app helps implement MFA across your applications in a way that is convenient for users, allowing them to verify their identity and their device from their phones.
  • Authorize: It’s critical to grant access privileges based on the conditions specific to your organization. Conditional Access policies take a two-phased approach: first they collect signals about the sign-in (the user, their device, IP address and so on), then they enforce the policies you have in place. That could mean requiring MFA or a fresh sign-in when a new device is detected, or blocking access outright under certain conditions, such as an attempt from a mobile device. These policies provide granular control over access while reducing the risk of unauthorized access.

By following this framework, you can easily begin using the powerful tools Microsoft offers to build your identity management strategy, ensuring only authorized individuals have access to critical systems.
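As an added example (not code from the original post, AvePoint or Microsoft), the following PowerShell implements the authorize step above with the Microsoft Graph PowerShell SDK: two Conditional Access policies, one requiring MFA for all users on all cloud apps and one blocking sign-ins from mobile platforms, both created in report-only mode so their effect can be reviewed in the sign-in logs before anyone is blocked. It assumes the Microsoft.Graph module is installed, that the signed-in administrator holds the Policy.ReadWrite.ConditionalAccess permission, and that the break-glass group ID is replaced with your own (the value shown is a placeholder).

```powershell
# Added example: create Conditional Access policies through Microsoft Graph.
# Assumes: Microsoft.Graph PowerShell SDK installed (Install-Module Microsoft.Graph)
# and an admin account that can consent to Policy.ReadWrite.ConditionalAccess.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder: object ID of the emergency-access (break-glass) group in YOUR tenant.
# Excluding it from every policy is what keeps a misconfigured policy from locking
# administrators out of the tenant.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

# Policy 1: require MFA for every user on every cloud app.
$requireMfa = @{
    displayName   = "CA001 - Require MFA for all users"
    # Report-only: evaluated and logged on every sign-in, but never enforced.
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

# Policy 2: block access from Android and iOS, the "mobile device" case described above.
$blockMobile = @{
    displayName   = "CA002 - Block sign-in from mobile platforms"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users          = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
        platforms      = @{ includePlatforms = @("android", "iOS") }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

# Create both policies and show what the tenant now holds.
$created = foreach ($p in @($requireMfa, $blockMobile)) {
    New-MgIdentityConditionalAccessPolicy -BodyParameter $p
}
$created | Select-Object Id, DisplayName, State

# After reviewing the report-only results in the sign-in logs, enforce one policy at a time:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created[0].Id `
#     -BodyParameter @{ state = "enabled" }
```

Two caveats a practitioner should keep in mind: the device platform condition is derived from the client’s user agent, so the mobile block is a usability and policy control rather than a hard security boundary, and where the real requirement is a managed device it should be paired with a device compliance requirement or device filter. Leave both policies in report-only long enough to confirm in the sign-in logs that the break-glass exclusion works and that coverage matches expectations, then enable them one at a time.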

Three Ways to Take a More Proactive Approach to Identity Management

Once you’ve taken the initial steps to start building your identity management approach, take it to the next level to enhance your security:

  • Right-size your policies: Strict, one-size-fits-all rules can hinder productivity; if security is in the way of getting the job done, users will find a way around it. Customizing your policies to specific users, workspaces, or even content creates a more tailored approach to access control, striking a balance between security and productivity.
  • Implement lifecycles: Identities should not exist permanently in your environment. People switch jobs or upgrade their devices. Establish a process to evaluate and recertify identities, whether users (internal and external) or devices, to ensure they still require access to your content and workspaces.
  • Monitor your environment: Even with the best-laid security plans, things can still fall through the cracks. That’s why it’s critical to monitor your environment – including users, devices, locations, and behavior – to identify any anomalies or suspicious activities that should be addressed.

These strategies can help you build a more proactive identity management approach that actively reduces risks and attack surfaces, allowing you to go beyond verifying identity to create a secure and efficient digital workplace.

Build a Secure Digital Workplace with Zero Trust

While identity management is an important aspect of building your secure digital workplace, ensuring only authorized individuals have access to your systems, it is not enough to protect your data or the workspaces where it lives in today’s ever-evolving cyber threat landscape.

Public sector organizations must embrace a comprehensive Zero Trust security framework to effectively build a secure digital workplace. To do so, you must combine identity management best practices with other robust security measures, like role-based access controls, workspace governance policies, lifecycle management processes, and risk assessments. Together, these strategies can enhance the protection of your digital environment and minimize your risk of data breach or unauthorized access.

Download the free AvePoint guide, “How to Achieve Zero Trust Standards Without Limiting Collaboration in Microsoft 365,” for more information about protecting your digital collaboration workspaces with a Zero Trust framework.

The Basics of Cybersecurity for Critical Infrastructure

In July 2021, the presidential administration signed a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems. As these systems are a part of daily life, any damage to them would be a significant threat to national security. To prevent a national crisis, the administration launched an effort to improve cybersecurity across critical infrastructure sectors. The first part of this four-part blog series will cover the basics of critical infrastructure cybersecurity. Subsequent blogs will dive deeper into the Water and Wastewater, Electric and Utility and Transportation sectors respectively.

Realities of Critical Infrastructure Environments

Improving Industrial Control Systems (ICS) security is a top priority for protecting critical US infrastructure and national security. An ICS is an information system used to control industrial processes such as manufacturing, product handling, production and distribution. These systems face a variety of threats from foreign and domestic bad actors who aim to gather intelligence and disrupt critical functions. As technology evolves, ICS operators must implement new cybersecurity controls when connecting Operational Technology (OT) and Internet of Things (IoT) devices to Information Technology (IT) systems.

Best security practices for ICS include:

  • Restricting logical access to the system’s network and activity through protections such as firewalls that filter network traffic
  • Implementing unidirectional gateways (data diodes) where data must flow out of the control network but never into it
  • Restricting physical access to the ICS devices and network to avoid disruptions to the system’s functionality
  • Securing all ICS individual components
  • Protecting against unauthorized data changes through network oversight
  • Having a response plan for potential incidents[1]

CISA’s Cybersecurity Performance Goals

Section 4 of the National Security Memorandum required the Department of Homeland Security to create baseline cybersecurity guidelines.

To further advance this, the Cybersecurity and Infrastructure Security Agency (CISA) has released a number of initiatives for agencies to implement that would strengthen their security systems. Every day, CISA works with ICS asset owners and operators to help them identify, protect against and detect cybersecurity threats, as well as to enhance ICS technical, analytical and response capabilities. CISA is working hard with critical infrastructure organizations to improve on the common issues they see, including:

  • Without basic security protections and foundational measures, critical infrastructure systems are vulnerable to exploitation by methods that are easily preventable.
  • Limitation of resources continues to be a challenge for small- and medium-sized organizations.
  • There are inconsistencies in the standards for cyber maturity across the various critical infrastructure sectors, leaving security gaps that can be exploited.
  • Cybersecurity in IT systems is prioritized, leaving OT systems overlooked and outdated.

CISA offers a wide array of resources to help critical infrastructure organizations. These include the 2022 Cybersecurity Performance Goals (CPGs). The CPGs are voluntary and deliberately not comprehensive: no agency is mandated to implement them, and they do not list every helpful cybersecurity practice for every organization. Rather, they are intended as a starting guideline that can be communicated to a non-technical audience. The CPGs were set as a baseline of cybersecurity practices that are broadly applicable across critical infrastructure and have known risk-reduction value for IT and OT owners. Lastly, the CPGs stand out from other control frameworks by considering not only practices that address risk to individual entities, but also the aggregate risk to the nation.[2]

The Cross-Sector Cybersecurity Performance Goals provide a set of IT and OT cybersecurity practices that will help organizations increase cyber resilience in their Critical Infrastructure systems. CISA has organized the practices into 8 categories:

  • Account Security
  • Device Security
  • Data Security
  • Governance and Training
  • Vulnerability Management
  • Supply Chain / Third Party
  • Response and Recovery
  • Other

In March 2023, CISA released an updated version of the CPGs that includes several key changes from the October 2022 guidelines:

  • The CPGs have been reordered to fit the NIST CSF functions, and accompanying documents have been adjusted to reflect this.
  • The Multifactor Authentication (MFA) goal has been updated to reflect the most recent CISA guidelines.
  • To aid organizations’ recovery planning, CISA added a goal in response to feedback received through its GitHub discussion page.
  • There were slight changes made to the glossary to not only reflect the previously listed changes, but to acknowledge additional stakeholders who’ve contributed to the guidelines.

To better connect with the wider community, CISA now offers additional opportunities to provide input through the CPG discussion page on GitHub. CISA welcomes feedback from partners in the cybersecurity and critical infrastructure communities.

Check back to read our second installment of this critical infrastructure series that will cover the best cybersecurity practices in the water and wastewater sectors.


To learn more about protecting agencies against cyber-attacks, visit Carahsoft’s Cybersecurity Solutions Portfolio.


Resources:

[1] “Recommended Cybersecurity Practices for Industrial Control Systems,” CISA, https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

[2] “Cross-Sector Cybersecurity Performance Goals,” CISA, https://www.cisa.gov/cross-sector-cybersecurity-performance-goals

Okta and GovSlack Bring Digital-first Environment to Government

Digital transformation is all around us. From how we shop to where we work, digital-first environments are the new normal. While the private sector quickly adopted collaborative, digital workspaces, the pace is a bit slower for government agencies – and for good reason.

Higher levels of security and compliance are required in government work, yet agencies still feel limited by the legacy systems in place. To transform into a digital-first workspace that promotes collaboration and improves communication among agencies and contractors, government agencies need flexible, inclusive technology that doesn’t sacrifice cybersecurity.

Modernize with a digital command center


Okta integrates with GovSlack to help the government modernize how work gets done. The centralized digital headquarters provides frictionless, secure access and helps agencies increase productivity, security, governance, and end-to-end workflows.

GovSlack was launched to allow for secure collaboration. Okta’s identity and access management (IAM) policies throughout GovSlack meet the security and compliance needs of intra- and cross-functional government teams and contractors.

Top five reasons to modernize with Okta and GovSlack

Here are some of the top reasons agencies can benefit from the Okta and GovSlack solutions:

  1. Share information with external agencies and contractors in real time: Slack Connect allows agencies to extend the benefits of their centralized, digital workspace to both internal and external team members in real time. This helps reduce the need for meetings and follow-ups. Okta’s IAM capabilities throughout the platform remove siloed Identity security across the extended enterprise.
  2. Access growing library of integrations: Okta’s secure and seamless integration with GovSlack and a growing number of high-security versions of the most commonly used business applications protect the government’s highest-value assets.
  3. Meet strict compliance and security requirements: Okta’s FedRAMP Moderate Identity solution includes features and capabilities available throughout GovSlack that are designed to strengthen the security posture of government agencies. Okta’s security capabilities align with Zero Trust architecture (ZTA) and the Identity pillar of the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Zero Trust Maturity Model, helping agencies bridge on-premises assets to the cloud with a unified and automated Identity-driven access layer.
  4. Create a frictionless workforce experience: IAM tools from Okta, like phishing-resistant Multi-Factor Authentication (MFA) and biometrics, allow users to easily access the secure platform from any location or device. Granting permissions and access controls at scale is simple through GovSlack’s enterprise-grade admin dashboard.
  5. Launch into the future of modern work: With security measures offered by Okta and GovSlack, agencies can incorporate a secure, cloud-based digital headquarters into all aspects of their daily work. With a secure digital workspace in place, agencies can reduce time spent building on-premises solutions, breaking down information silos, improving collaboration internally and externally, and opening the door to more possibilities when all stakeholders have access to the same workspace.

Download our Solution Brief to learn more about Okta, the federal Identity solution for high-impact applications, and GovSlack, the designated “digital headquarters” for many government agencies.

Ransomware Security Strategies

One of the first challenges in combatting ransomware is recognizing how likely an attack is and the impact it could have on one’s own organization. Of the companies surveyed by ActualTech Media and Ransomware.org, 60% reported spending zero to four hours per month on ransomware preparedness.[1] Getting buy-in from leadership can be difficult, since cybersecurity measures cannot show their full value until an attack actually hits; measured against the number and scale of attacks occurring, however, greater attention to cybersecurity is imperative. The NIST Cybersecurity Framework (CSF) provides a guiding set of principles that inform strategies for mitigating ransomware risk. Its functions run in order: identify the assets and risks a security program must cover, then protect, detect, respond and recover, feeding lessons learned back into security improvements. Ideally companies would follow this outline, but in reality the path looks different for most organizations. Because of feasibility and perceived priority, many companies first establish detection and recovery capabilities and only then turn to protection, prevention and security improvement.

RANSOMWARE DETECTION AND RECOVERY

When ransomware hits an organization, the biggest immediate concern is finding the problem and returning to normal business operations. Many resources exist to assist with this, including asset management tools that automatically inventory every device on the network and monitor for potential ways malware can get in. Edge detection alerts companies early if the network has been compromised and identifies which accounts and devices must be isolated to stop the spread to other servers, accounts and storage. Anti-virus and endpoint detection and response (EDR) tools also help by monitoring endpoints for malware and indicators of compromise. Early detection lets companies contain the malware and reduce data loss.[2] It also limits downtime, which is very costly to operations and reputation: apart from the ransoms themselves, downtime caused by cyberattacks cost American businesses $20.9 billion in 2020.[1]

Once malware has been detected, a company’s recovery plan and preparation are put to the test. IT specialists and company administrators need to have an emergency plan in place so there are straightforward steps to recovery. Backups not only need to be created and stored off-site, but also updated on a regular basis and tested to ensure that they are a solid base for a system restoration. With most traditional backup systems, the data cannot be recovered fast enough to neutralize the ransomware’s impact on operations. Instead, a new strategy must be adopted that shifts from 200,000 files taking eight plus hours to restore via the traditional backups, to millions of files being recovered in minutes. Granular, immutable, verifiable snapshots are required to successfully recover all of an organization’s data.[2]


The Sophos “State of Ransomware” report indicated that 77% of healthcare organizations that did not experience a ransomware attack in 2021 attributed it to efforts such as backups and cyber insurance, which help with remediation but not prevention. This exposed an ongoing misunderstanding within the industry about cybersecurity methods.[3] Obtaining cyber-insurance does not prevent future attacks; instituting proper security strategies, however, does decrease susceptibility to ransomware. Recovery tools and insurance provide support during post-breach response, but organizations should ultimately strive to prevent the attack in the first place, which requires implementing protection and prevention alongside them. According to the Government Accountability Office (GAO), cyber-insurance is a valuable resource to employ, but it is increasingly harder to acquire due to the massive volume of cyberattacks, a higher bar of entry and more requirements to gain coverage and receive payouts. This leaves organizations that do not have sufficient security or insurance to face the recovery process and expensive remediation costs alone.[4]

RANSOMWARE PROTECTION AND PREVENTION

While most organizations invest in attack detection and recovery strategies, the protection function of the NIST CSF is equally important and an essential element in reducing the amount of recovery needed. Protection and prevention of ransomware attacks begin with establishing system routines and measures that make it more difficult for hackers to infiltrate. Through implementing Zero Trust user principles such as Multi-Factor Authentication (MFA), institutions and agencies can protect themselves by verifying the identity of employees. Poor password hygiene is one of the leading gateways to malware infiltration, making thorough employee training and password management software a baseline for reducing risk. The average user has access to over 20 million corporate files, making each employee a critical part of keeping the network safe and a huge liability if they are not vigilant and following best practices.[2] Segmenting the network to provide user-specific access to data and system resources also creates safety barriers, so that in the event of an attack the entire network is not automatically compromised. Around 80% of critical infrastructure companies without Zero Trust policies experienced a $1.17 million increase in breach costs, bringing the average to $5.4 million per attack in 2022.[5]

Comprehensive Zero Trust authentication and data access control, so that no single account has complete access to the entire company’s files, is a first step in this process. File indexing, which classifies the sensitivity level of the information contained, allows companies to better allocate resources and prioritize protection of the most important or confidential files.[2] Automating processes through these and other resources eases IT teams’ responsibilities and reduces the chance of error. Incorporating artificial intelligence (AI) and machine learning (ML) also expedites the identification of confidential information through metadata tags, along with advanced detection of suspicious network and user activity, thereby minimizing inefficiencies.[6]

Organizations must rigorously search for security gaps and proactively work to close them. Some other measures to incorporate include:

  • Filtering for phishing emails and providing awareness training to minimize the possibility of a user accidentally clicking a malicious link
  • Utilizing firewalls to block unusual network traffic and segment the network to impede malware system communications
  • Monitoring software licenses to ensure they are updated and systems are adequately patched
  • Removing expired and extraneous user credentials and unused legacy technology
  • Tracking vulnerabilities on IoT and OT devices and on employees’ personal devices used for work (BYOD) throughout the entire connection lifecycle
  • Implementing Zero Trust cloud security with container scanning and proxies like a Cloud Access Security Broker (CASB) and Zero Trust Network Access (ZTNA)

RANSOMWARE SECURITY IMPROVEMENT

Following an attack, companies have the opportunity to grow and improve from the situation as well as share resources with other public and private sector companies to strengthen defenses. Incident reporting is a key strategy to prevent future ransomware incidents and a top priority for the Cybersecurity and Infrastructure Security Agency (CISA). Agencies and organizations must support each other to defend against these cyber threats that affect every industry.[7]

To support this greater focus on information sharing, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 took effect in March, requiring a more stringent timeline and adherence to disclosing cybersecurity attacks and ransomware payments to the government. CISA also now has the authority to subpoena critical infrastructure organizations that do not report a cybersecurity incident within 72 hours of a cyberattack or a ransom payment within 24 hours of making it.[8]

This threat information sharing requirement, along with other recent rules on reporting attack incidents, strengthens organizations’ security posture and reduces the success rate of cyberattacks. Through these joint efforts and public-private partnerships, companies can recover faster, resume normal operations and support other businesses in the defense of their industry and the nation.[9]

To assist with incorporating these cybersecurity best practices, Congress passed the Infrastructure Investment and Jobs Act Public Law 117–58 which offers $2 billion to “modernize and secure federal, state, and local IT and networks; protect critical infrastructure and utilities; and support public or private entities as they respond to and recover from significant cyberattacks and breaches.”[10]

RANSOMWARE RISK MITIGATION

Tech modernization, while crucial to agencies’ and organizations’ survival and growth, also presents unique challenges in protecting those technologies.[11] In their journey to securing their legacy and updated systems, companies must take the time to honestly evaluate their cybersecurity standing across the ransomware cycle and ensure their readiness to handle an attack. Utilizing NIST CSF security strategies and other resources helps organizations mitigate risk and empowers other companies to learn and protect their systems. By implementing best practices and technologies to address cyberattacks and data breaches, companies are valuing both their customers and their own bottom line. Proactive cybersecurity measures are key for all companies to stem the tide of ransomware attacks and protect the continued growth of their organizations.

 

Learn about the current state of ransomware and its impact across sectors in our Ransomware Series. Visit our website to learn how Carahsoft and its partners are providing solutions to assist in the fight against ransomware.

 

Resources:

[1] “Everything You Need to Know About Ransomware,” Ransomware.org, https://ransomware.org/

[2] “Protect, Detect & Recover: The Three Prongs of a Ransomware Defense Strategy for Your Enterprise Files,” Nasuni, https://media.erepublic.com/document/Whitepaper-_A_Three_Prong_Ransomware_Strategy_-_Nasuni.pdf

[3] “The State of Ransomware in Healthcare 2022,” Sophos, https://news.sophos.com/en-us/2022/06/01/the-state-of-ransomware-in-healthcare-2022/

[4] “Healthcare data breach costs reach record high at $10M per attack: IBM report,” Fierce Healthcare, https://www.fiercehealthcare.com/health-tech/healthcare-data-breach-costs-reach-record-high-10m-attack-ibm-report

[5] “Cyber Attacks Against Critical Infrastructure Quietly Increase,” Government Technology, https://www.govtech.com/blogs/lohrmann-on-cybersecurity/cyber-attacks-against-critical-infrastructure-quietly-increase

[6] “Four Best Practices for Protecting Data Wherever it Exists,” Dell Technologies and Carahsoft, https://www.carahsoft.com/2nd-page/dell-4-best-practices-federal-data-security-protection-report-2022#page=4

[7] “Ransomware Hackers Will Still Target Smaller Critical Infrastructure, CISA Director Warns,” Nextgov, https://www.nextgov.com/cybersecurity/2022/07/ransomware-hackers-will-still-target-smaller-critical-infrastructure-cisa-director-warns/374953/

[8] “DHS Convenes Regulators, Law Enforcement Agencies on Cyber Incident Reporting,” Nextgov, https://www.nextgov.com/cybersecurity/2022/07/dhs-convenes-regulators-law-enforcement-agencies-cyber-incident-reporting/374968/

[9] “Ransomware Attacks on Hospitals Have Changed,” AHA Center for Health Innovation, https://www.aha.org/center/cybersecurity-and-risk-advisory-services/ransomware-attacks-hospitals-have-changed

[10] “FACT SHEET: Top 10 Programs in the Bipartisan Infrastructure Investment and Jobs Act That You May Not Have Heard About,” The White House, https://www.whitehouse.gov/briefing-room/statements-releases/2021/08/03/fact-sheet-top-10-programs-in-the-bipartisan-infrastructure-investment-and-jobs-act-that-you-may-not-have-heard-about/

[11] “Global Data Protection Index 2021,” Dell Technologies, https://www.dell.com/en-us/dt/data-protection/gdpi/index.htm#pdf-overlay=//www.delltechnologies.com/asset/en-us/products/data-protection/industry-market/global-data-protection-index-key-findings.pdf

Infographic Resources:

“Ransomware and Energy and Utilities,” AT&T Cybersecurity, https://cybersecurity.att.com/blogs/security-essentials/ransomware-and-energy-and-utilities

Minimizing Your Cybersecurity Risk in the Public Sector

 

Eighty-eight percent of government agencies have experienced at least one cyberattack in the past two years. Why? Public sector organizations offer an abundance of sensitive data for hackers, including social security numbers, confidential health and finance records, and valuable intellectual property. The number of ransomware and cybercrime events aimed at government agencies will only continue to grow. Such attacks cost organizations an average of 21 days of downtime and 287 days to fully recover.

The days are gone when an agency could install a cybersecurity solution and stop worrying; unfortunately, antivirus programs can easily be bypassed. Even if organizations implement the latest and greatest solutions, they may leave some holes that they thought they had secured. The fact is that there are a whole host of things that agencies need to do to really protect themselves now, including repetitive training and education of end users. There are also a number of technological solutions that agencies can use to protect their data.

Central Logging

If your system doesn’t perform logging, then when malware hits your organization, you cannot tell where it originated from and how it is spreading. Central logging is particularly important. Hackers might be able to get on a local system and change logs to cover their tracks. But unless they get access to the central logs, it’s possible for an agency to track where they’ve been. It’s important to find the initial source of an attack, but often agencies can’t locate it until they start looking through logs.

Multifactor Authentication

The famous SolarWinds attack could have been mitigated or even prevented if the company had used stronger passwords, role-based access, and multifactor authentication. Multifactor authentication, in particular, gives an extra layer of protection. Even if an attacker is able to harvest credentials, they do not have the additional factor needed to access the target account, which is usually out of the attacker’s control.

Incident Response Team

It’s important to have a team in place to respond in case of an incident. Your organization needs to know not only who is on such a team, but also what each person is responsible for. The team should meet regularly, test backups, and do tabletop simulations; they should have a plan in place if the agency encounters ransomware. The incident response team should include representatives from all your organization’s stakeholders to make sure you have a workable plan to get back online as soon as possible.

Copies of Your Data

Backups are absolutely mission critical to the overall function of the organization. Experts recommend having three copies of your data on at least two different forms of media: spinning disk, SSD, or NVMe drives that are paired with tangible disk or tape. One copy should be off site: make sure that backups flow from on-premises storage to a cloud target, either by copying the data there after it lands locally or by moving the entire backup chain off site. This ensures geographic separation of the data.

When ransomware was new and attackers started encrypting files, nobody anticipated it. If you didn’t have good backups, then you were in a bind. Agencies run the same risk today if something newer than ransomware comes out and gets past all their defenses. Everyone needs to have a good backup strategy so that they can recover if something does get through.

It’s critical to test the backups. Make sure you have a plan in place to test the backup daily, weekly, or monthly. Your daily backup routine should include everything: your email, the app server you were working on yesterday, all the unique data that needs to be available for the end users. At the end of the day, recovering from a ransomware attack usually comes down to whether you have a good backup and recovery strategy.

Zero Trust

Zero Trust means treating every network identity as a potential threat. Once you start thinking like that, you can break down where you need to focus your attention. Zero Trust really came about because cybersecurity used to focus primarily on perimeter protection. But the perimeter, the edge, is now distributed more than ever and most recently because of Covid—with so many people working from home—the perimeter has disappeared in a lot of ways. Zero Trust reminds agencies that it’s important to secure endpoint devices, not just on-premises devices, and to do some sort of posture checking somewhere along the pathway when accessing data.

 

View our webinar to learn more about how Otava can support your cybersecurity missions and help your agency reduce public sector-specific risks by understanding today’s cybersecurity climate.

The Basics of Zero Trust Authentication for Federal Government

Federal government IT staff are tasked with ensuring that the right individual has the right level of access to the right resources at the right time. And while efficient government operations depend on interoperability, historically, security requirements have resulted in silos that hindered that interoperability.

However, it doesn’t need to be this way; opportunities exist for transformation in the government to break down silos, improve operations, and enhance interoperability—without sacrificing security. Below, we’ll review the basics of how to accomplish this by upleveling your infrastructure to employ a Zero Trust approach to authentication.

The Challenge: Fragmented Identity

The federal government heavily relies upon PKI-based authenticators to verify identity and grant access to resources. However, these authenticators pose several access and security challenges, resulting from the numerous issuing systems and standards.

For instance, not all PKI credentials are issued by the same system to support the same level of security—and often, agencies require a mix of PKI and non-PKI credentials. Therefore, employees may need multiple authenticators to access different systems, and agencies must support all of those systems, each introducing its own identity silo.

As a result, many agencies have a fragmented identity landscape, so siloed technologies cannot communicate with each other—the opposite of interoperability.

The Solution: Zero Trust Authentication

Zero Trust is the identity-centric security framework that assumes the network is hostile and users cannot be implicitly trusted. Implementing Zero Trust, which the Executive Order on Improving the Nation’s Cybersecurity mandates for federal agencies, requires continuous authentication and authorization of a user’s identity before granting access to resources.

Federal Identity, Credential, and Access Management (ICAM)—the set of tools, policies, and systems that enable secure access to information in support of federal business objectives—makes this possible.


Therefore, you must uplevel the ICAM components supporting those authentication capabilities to implement Zero Trust Authentication. Notably, this doesn’t require ripping and replacing your infrastructure. By employing standards-based technologies, you can augment ICAM capabilities to make the most of existing investments.

Below, we’ll review how to modernize ICAM capabilities and implement Zero Trust Authentication by upleveling three components.

1. Centralized Authentication Authority

The government’s diverse use cases and unique security requirements don’t need to result in fragmentation and identity silos.

Identity federation provides a bridge to connect disparate identities, and a centralized authentication authority brings credentials issued by various systems into a central identity control plane. This breaks down silos by integrating an agency’s PKI authenticators with all of its resources, enabling every individual to securely connect to any resource they need—regardless of location.


2. Dynamic Authorization

Historically, authorization has been a very inflexible process. A user either received access or not based on simple requirements (typically their role in the organization) and metadata (i.e., their attributes). Zero Trust Authentication requires a nuanced approach, which calls for dynamic authorization.

Dynamic authorization takes additional context into consideration to determine if a user should receive initial access to a resource. This includes answers to questions like:

  • Does the individual usually access the type of information they’re trying to access now?
  • Is the request coming from a trustworthy device?

Considering nuanced information like this enables greater flexibility and control in real-time over what someone can access, transforming authentication from a static to a dynamic process.

3. Continuous Monitoring

Even after a user gains initial access, the answers to the questions above could change. For example, maybe the user received initial access to data when they were using a trusted device, but now they’re attempting to access that same data from an untrusted device. In this case, you may want to revoke some or all of their access until they can provide another authentication factor to verify their identity.

This calls for adaptive access security, which requires continuous monitoring. It allows you to monitor access attempts and changing user attributes to ensure the appropriate level of access is given based on the current access attempt’s level of risk.

The result is an adaptive approach to authentication and authorization—one that operates under the Zero Trust assumption that the user cannot be trusted. It is not enough to verify a user once and then assume they are trusted forever; you must continuously monitor user activity and be able to revoke access post-authorization when needed.
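As an added illustration (not code from the original post or from Ping Identity), the following small Python policy engine models the three upleveled components described above: a federation lookup standing in for the centralized authentication authority, a context-aware authorize() for dynamic authorization, and a Session.monitor() that re-evaluates every access attempt and revokes a grant when the device is no longer trusted until a step-up factor is presented. The issuer names, identities and usual-access history are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample directory: credentials from several issuing systems
# (PIV CA, derived PIV credential, legacy LDAP) resolve to one central identity.
ISSUER_DIRECTORY = {
    ("piv-ca", "1234567890"): "alice@agency.example",
    ("derived-piv", "alice-mobile"): "alice@agency.example",
    ("legacy-ldap", "bsmith"): "bob@agency.example",
}

# Constructed sample access history: data classes each identity usually reads.
USUAL_ACCESS = {
    "alice@agency.example": {"public", "internal"},
    "bob@agency.example": {"public"},
}


@dataclass
class Context:
    """Context attached to a single access attempt."""
    device_trusted: bool          # outcome of a device posture check
    data_class: str               # sensitivity class of the requested resource
    mfa_satisfied: bool = False   # an additional factor was just presented


@dataclass
class Decision:
    allow: bool
    step_up: bool = False         # collect another factor, then retry
    reason: str = ""


def federate(issuer: str, subject: str):
    """Centralized authentication authority: map a credential from any
    issuing system to the one identity in the central control plane."""
    return ISSUER_DIRECTORY.get((issuer, subject))


def authorize(identity, ctx: Context) -> Decision:
    """Dynamic authorization: decide from context, not role alone. A trusted
    device plus the user's usual access pattern is allowed outright; any other
    combination requires a fresh factor (step-up) before access is granted."""
    if identity is None:
        return Decision(False, reason="unknown credential")
    usual = ctx.data_class in USUAL_ACCESS.get(identity, set())
    if ctx.device_trusted and usual:
        return Decision(True, reason="trusted device, usual access pattern")
    if ctx.mfa_satisfied:
        return Decision(True, reason="unusual context, step-up satisfied")
    return Decision(False, step_up=True, reason="unusual context, factor required")


@dataclass
class Session:
    """A granted session that continuous monitoring can revoke or restore."""
    identity: str
    active: bool = True

    def monitor(self, ctx: Context) -> Decision:
        """Continuous monitoring: re-run the decision on every access attempt
        (e.g. the same data now requested from an untrusted device). Access is
        revoked until a step-up succeeds, then restored."""
        decision = authorize(self.identity, ctx)
        self.active = decision.allow
        return decision
```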

Learn More About Zero Trust Authentication

Zero Trust Authentication helps improve communication between systems, maximize use of PKI authenticators, and make risk-based access decisions. And as you begin looking to support the Executive Order, it is only going to be more important to identify opportunities to uplevel your infrastructure and solutions to facilitate this enhancement.

 

To learn more about the components discussed and the evolution of identity security in the federal government, watch Zero Trust Authentication: Modern Identity Orchestration for Attribute-Based Access Control.