This interview is an excerpt from our recent guide, The Future of Cybersecurity, which examines 15 trends transforming the way government safeguards information and technology.
Unlike the physical world around us, there is no distance in cyberspace. That’s great for collaborating with employees around the world or for accessing files when working remotely. But the same Internet-based services we use to increase productivity are also targets for hackers and nation states to exploit, said Tony Cole, Vice President and Global Government Chief Technology Officer of FireEye, a cybersecurity company.
“Back in the ‘90s, there really weren’t a lot of resources focused on solving this problem, simply because there wasn’t much awareness of the growing importance of our interconnected enterprise systems in government,” Cole said. “A lot of people didn’t realize that there would be ample opportunity for organized crime and other nation states to move their espionage practices online.”
Today, there are well over 55 nations armed to conduct espionage in the cyber realm, Cole said. Those nations are far more sophisticated than they were two decades ago, and governments are still challenged with defending themselves and their data in cyberspace.
That’s why FireEye is working closely with governments at all levels to help them detect, prevent and respond to advanced cyberattacks. The security firm specializes in:
- Continuous monitoring capabilities that allow agencies to automatically detect ongoing attacks
- The use of global threat intelligence to profile potential attackers
- Capabilities to quickly prevent or contain attacks using detonation chamber technology as recommended by NIST
Still, there’s more work to be done.
“Governments have a long way to go to put the right policies and architectures in place, so that they can actually minimize the impact,” Cole explained.
Education and awareness for employees is critical since organizations can’t afford to take awareness training lightly, and they can’t assume an annual online course is enough to educate their workforce. Cole noted one Silicon Valley firm that uses gamification to drive security awareness company-wide. When employees alert the security department of spear phishing emails or report other cyber and physical security vulnerabilities, they get points that can then be used to buy things.
For government agencies, gamification may be a cost-prohibitive means to boost security awareness, but Cole encouraged agencies to consider methods that make training an on-going process that keeps security at the forefront of all employees’ minds.
That’s a must, because all it takes is one person clicking on a link, a weaponized attachment in a malicious email, or one exploited security vulnerability in the supply chain to give hackers an advantage. No government agency is immune to cyberattacks, and it’s virtually impossible to stop every attack. If a system is breached, agencies must be prepared to detect the breach quickly and minimize the impact.
But that is easier said than done, considering it takes an average of 205 days from the time an attacker breaches a system to the time an organization detects it, Cole said. That 205-day period is known as dwell time.
And, most often, organizations don’t detect the breach on their own. Instead, a law enforcement agency, a computer emergency response team, or another outside organization notifies them.
Cole’s advice to agencies: Hunt in your environment to determine if you’ve been compromised and don’t rely on just signature based defenses.
Good hunters know the difference between normal activity and anomalous activity on their network. If all of a sudden users log onto the network from Romania, that should raise a red flag. Did someone move? Is there a new remote employee? Or has the system been compromised?
“Agencies need to look for anomalous activity in their networks and external communications, as well as forensic artifacts that can be found inside their network, too,” Cole said.
FireEye partners with agencies to conduct compromise risk assessments and help them with their hunting, Cole explained. “We go in and hunt in their environment to show them indicators of a compromise,” he said. If the agency has been compromised, FireEye shows agencies how to lock down their systems and recover.
Cole said until recently, many organizations still don’t see themselves as targets for cyberattacks. But massive breaches like the one directed at OPM have forced everyone to consider how their data — if compromised — could create a full picture for hackers looking to harm them or their allies.
State actors target contractors, subcontractors, partner agencies and seemingly obscure third-party organizations that do business with the government to ultimately gain access to sensitive government assets.
“We’re all in this together,” Cole said about cybersecurity and its global impact. “We’ve got a lot of allies around the globe, and many of those attacks can go through them to get to us, or vice versa. We need to talk more about information sharing and best practices from a global perspective.”