Cyberattackers are becoming more aggressive and powerful, often because they are either collaborating to cause the most damage or running indiscriminately over companies in the direct path of their intended target.
That’s why government agencies need to take a collaborative approach to their cyber defenses. It’s no longer good enough to rely on traditional cybersecurity approaches or try to defend agencies alone. By sharing anonymized threat information in real time, government and private sector organizations can work together to triage and take action against active threat campaigns early in the intrusion cycle.
A collective defense approach is the most effective way to stop aggressive hackers in their tracks. Read on for best practices on how public sector agencies can move toward true collective defense.
Realign your strategy to meet today’s realities.
While there is no doubt that every agency needs effective cybersecurity tools, those tools aren’t as effective without the right strategy surrounding them. In fact, cybersecurity should be regarded as inherent to the agency’s strategy instead of just a technology tool or compliance requirement.
One resource that might help is the U.S. Cyberspace Solarium Commission, a federal organization that published a report last year to improve cybersecurity. The report consists of more than 80 recommendations to improve cybersecurity collaboration with the private sector, reform the government’s structure and organization for cyberspace and reshape the cyber ecosystem.
It recommends a new strategic approach to cybersecurity called layered cyber deterrence that aims to reduce the probability and impact of cyberattacks of significant consequence.
Move beyond signature-based analytics to effectively detect and mitigate unknown threats.
Signature-based threat detection, which compares traffic with known threats, is a valuable way of identifying and analyzing malicious network attacks, but it’s no longer enough.
Agencies that need to identify and analyze unknown threats in time to prevent damage are turning to behavior-based threat detection and analytics, which can spot abnormal patterns of data in a network and so detect the unidentified and more sophisticated attacks that evade traditional preventative techniques.
Unknown threats include modified or recompiled known malware with minor changes, the use of open communication protocols for malicious purposes, system access via stolen credentials and data or IP loss through legitimate cloud services.
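The contrast above, as an added example that is not part of the GovLoop report: an exact-hash signature check misses a sample that differs by one byte, while a per-host baseline of upload volume flags an unusual transfer to a legitimate cloud service without any signature. All host names, service names, payloads and volumes are constructed, and the median/MAD score with a 3.5 threshold is one common choice, assumed here.

```python
import hashlib
from statistics import median

# Constructed stand-ins for a known sample and a recompiled variant (one byte differs).
KNOWN_SAMPLE = b"constructed-sample-payload-v1"
MODIFIED_SAMPLE = b"constructed-sample-payload-v2"
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(payload: bytes) -> bool:
    """Signature-based check: exact hash lookup against known samples."""
    return hashlib.sha256(payload).hexdigest() in SIGNATURES

def robust_z(history, value):
    """Modified z-score (median/MAD), so one odd day in the baseline cannot skew it."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:  # flat baseline: any increase is a deviation
        return float("inf") if value > med else 0.0
    return 0.6745 * (value - med) / mad

def behaviour_alerts(baseline, today, threshold=3.5):
    """Compare each (host, service) upload volume with that pair's own history."""
    alerts = []
    for key, value in today.items():
        history = baseline.get(key)
        if not history:
            alerts.append((key, "no baseline"))
        elif robust_z(history, value) > threshold:
            alerts.append((key, "volume anomaly"))
    return alerts

# Constructed daily upload volumes in MB per (host, cloud service).
BASELINE = {
    ("ws-014", "cloud-storage"): [42, 38, 51, 45, 40, 47, 44],
    ("ws-022", "cloud-storage"): [12, 15, 9, 14, 11, 13, 10],
}
TODAY = {
    ("ws-014", "cloud-storage"): 49,    # within normal range
    ("ws-022", "cloud-storage"): 2300,  # bulk upload to a legitimate service
    ("ws-031", "file-share"): 5,        # pair never seen before
}

if __name__ == "__main__":
    print("known sample matched:   ", signature_match(KNOWN_SAMPLE))
    print("modified sample matched:", signature_match(MODIFIED_SAMPLE))
    for key, reason in behaviour_alerts(BASELINE, TODAY):
        print("ALERT", key, reason)
```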
Address risks in the remote work environment.
Many of the public sector employees who have been working remotely for the past year probably will continue to do so, at least part of the time. While this “new normal” offers many benefits in terms of employee satisfaction and productivity, it also challenges agencies to find ways to ensure full security in unprotected environments over time.
That means taking a fresh look at the unsecured technologies and network environment remote employees are using to connect with agency resources. One survey, for example, found that roughly 40% of public sector employees working remotely use personal laptops, tablets or smartphones to get their work done. And then there are the myriad other devices that could be connected to the home network: printers, hard drives, keyboards, mice, gaming devices and even a spouse’s work device.
To address these issues, treat home networks as hostile public networks and consider supplying users with agency-configured devices that enable them to more securely manage their networks. It’s also important to conduct cybersecurity training and simulations for all employees and engage in tabletop exercises involving compromised credentials, ransomware, insider threats and other types of data breaches.
With this approach, agencies can help ensure that all gaps are covered.
This article is an excerpt from GovLoop’s recent report, “Stop Hackers in Their Tracks Through a Collective Defense.”