This blog post is a recap from GovLoop’s Government Cybersecurity Virtual Summit. To see more blog posts about the summit, click here.
Stopping cyber breaches in government is getting more difficult by the day. Agencies want more ways to seamlessly transmit data and collaborate with partners, while hackers are finding more ways to infiltrate systems and exploit new vulnerabilities. Balancing access and security is never easy, but if agencies focus on protecting privileged account credentials from external attacks, cybersecurity professionals in government can mitigate the risk of large breaches.
During GovLoop’s Government Cybersecurity Virtual Summit, guests heard from Rod Simmons, Director of Product Management at Beyond Trust, to learn more about external attacks against government privileged accounts. Although breaches might be inevitable, protecting passwords, controlling which accounts can access which pieces of information, and constantly updating and patching systems can make the entire system more secure.
First, Simmons explained that protecting system credentials and privileged accounts is crucial to government cybersecurity because if hackers or insider threats can gain control of administrator accounts, then they will have access to information across the organization. According to Simmons, “There were 6,435 common vulnerabilities and exposures published in 2016, and 250 of these could have been mitigated or prevented if the user did not gain administrator privileges.”
By compromising passwords of accounts with elevated rights, hackers can move laterally within the network to gain access to sensitive information. Also, insider threats can use their own access to leak or steal information from the organization. That’s why Simmons recommends that agencies use an enterprise security solution that protects passwords and
limits the access of accounts. Right now, many agencies use simple word documents or spreadsheets to house passwords, but if hackers gain access to the file, the whole organization becomes vulnerable. With a holistic security system, if an account or document is compromised, other accounts and information are protected.
One challenge though to protecting account access to information though is that many times, people need to access different pieces of information across the organization to do their daily jobs. That’s why Simmons also recommends that agencies, “Create secure enclaves within the organization. The enclaves act as security zones that notify administrators when certain credentials are being used in unfamiliar systems.” This can be supplemented by internal protocols that employees know and consistently follow, so that administrators are aware of suspicious behavior on accounts.
Lastly, Simmons recommends that agencies continuously audit, monitor, and update all IT networks, including email, IoT, and application security systems. Continuous security scans will allow system administrators to find and patch vulnerabilities, which hackers might exploit with in an instant. He added that having systems and business processes to constantly update passwords, eliminate unused accounts, and educates employees on vulnerabilities can help protect against large scale breaches.
Although agency leaders may have budget constraints or competing priorities, securing IT systems and privileged accounts from external hackers and insider threats is imperative for any cybersecurity strategy. By protecting passwords with an enterprise security system, creating security enclaves for accounts to access information, and continuously patching vulnerabilities, agencies can mitigate breaches. All it takes is one mistake or vulnerability for external threats to infiltrate systems, but protecting privileged accounts can prevent some of the most extensive damage.
Did you enjoy GovLoop’s Government Cybersecurity Virtual Summit? Don’t miss our next virtual summit, all about government innovation, on May 10. Sign up here.