As organizations and citizen users increasingly depend on websites, mobile computing and web-based applications, they become exposed to greater privacy and security risks. Because of the open infrastructure of the Internet and the growing availability of hacking tools, almost anyone can carry out a cyberattack against any organization or user relying on networked applications and systems.
Cyberattacks take advantage of vulnerabilities in software, devices or the humans who administer and use them. From spear-phishing to malware and ransomware, cyber criminals are able to employ a range of sophisticated attack methods to access critical digital assets, disrupt operations and steal user data. The scale of these attacks is also overwhelming. On average, 1.4 million unique phishing sites are created each month and over 300 million unique malware files are created each year. These cyberattacks can cost agencies millions of dollars in revenue, productivity and damaged reputations, making cybersecurity a top priority for 2018.
But how can organizations effectively protect themselves against mounting, complex cyber threats? GovLoop's recent online training, How to Mitigate 2018 Cyberthreats, asked experts Barry Condrey, Chief Information Officer for Chesterfield County, Virginia (recognized as the number one digital county in the nation for the last three years); Tommy Cormier, Senior Solutions Engineer Enterprise for Akamai Technologies; and Mustafa Qutub, Enterprise Sales for Akamai Technologies how agencies can leverage actionable threat intelligence to protect against threats and create a more cyber-resilient culture.
The traditional way of looking at cybersecurity is “protecting the castle,” where the castle is an organization’s network, systems and assets, and the moat surrounding the castle is analogous to the network’s outer defenses. This analogy exemplifies how security controls have long been perimeter-based — dependent on tools like firewalls and intrusion detection systems. But these methods, centered on static data centers, are proving insufficient to protect against larger-scale, distributed cyberthreats.
Users can now, for example, operate outside the perimeter by accessing an application on their mobile device. “Digital transformation is challenging our traditional security assumptions,” said Qutub. “We have to look at protecting the castle in a different way than we have historically, because enterprises are turning inside out.”
As organizations are embracing mobile technology and migrating applications and data to the cloud, a perimeter around an enterprise may no longer make much sense. Instead of bolstering the perimeter with traditional tools that can increase security risks, organizations need to update their strategies around identity and application awareness in the cloud.
Shifting the castle concept to cloud perimeters around users and applications assumes there is really no “inside,” explained Cormier. “Successful security transformation requires a zero-trust model, which treats the entire network as compromised and hostile; only delivers data and information to authenticated users and devices; and always verifies with logging and behavioral analytics.”
Organizations need to implement multi-layered defenses that can detect and deflect cyberattacks early in the kill chain. One proactive approach to cybersecurity is utilizing services to preemptively identify, block and mitigate targeted threats that exploit the Domain Name System (DNS). Cormier described how Akamai deployed an Enterprise Threat Protector (ETP), which validates and checks requested domains against domain risk scoring threat intelligence. As a result, networks saw a 37 to 54 percent decrease in malware-related incidents month over month, and saved time spent on investigating and responding to malware. By providing intelligence through Akamai’s ETP service at this early-middle step, organizations can shield end users more effectively and stop threats further away from the perimeter.
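The DNS-layer check described above, reduced to its core decision, as an added example that is not Akamai's ETP code or anything shown in the training. The feed contents, score thresholds, log format and function names are all assumptions constructed for illustration.

```python
# Added illustration: score each DNS query against a domain risk feed before answering.
RISK_FEED = {                      # constructed feed: domain -> risk score, 0 to 100
    "malware-drop.example": 95,
    "newly-registered.example": 60,
    "example.org": 5,
}
BLOCK_AT = 80                      # assumed threshold: refuse to resolve
MONITOR_AT = 50                    # assumed threshold: resolve, but log for review

QUERY_LOG = """\
2018-01-15T09:00:01Z 192.0.2.12 www.example.org. A
2018-01-15T09:00:02Z 192.0.2.31 CDN.Malware-Drop.example. A
2018-01-15T09:00:05Z 192.0.2.31 login.newly-registered.example AAAA
2018-01-15T09:00:09Z 192.0.2.44 intranet A
"""                                # constructed sample: timestamp client qname qtype


def risk_score(qname, feed=RISK_FEED):
    """Score a queried name; the most specific feed entry wins, parents are fallbacks."""
    labels = qname.strip().lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):          # never match on the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in feed:
            return feed[candidate]
    return None                               # name is not covered by the feed


def decide(qname, feed=RISK_FEED):
    """Return (action, score) for one query, decided before any answer is returned."""
    score = risk_score(qname, feed)
    if score is None:
        return "allow", None                  # assumed default for unscored names
    action = "block" if score >= BLOCK_AT else "monitor" if score >= MONITOR_AT else "allow"
    return action, score


def triage(log_text, feed=RISK_FEED):
    """Apply the policy to every well-formed line of a query log."""
    results = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                          # skip blank or malformed lines
        _, client, qname, _ = fields
        results.append((client, qname) + decide(qname, feed))
    return results


if __name__ == "__main__":
    for row in triage(QUERY_LOG):
        print(row)
```

Normalizing case and the trailing root dot, and falling back from a subdomain to its parent, keeps a flagged domain from slipping past the check through a trivially different spelling of the same name.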
However, it is critical to remember that technology alone can’t solve all your security problems. Condrey explained that the majority of successful cyberattacks are a result of “well-meaning people doing the wrong thing.” Cultivating a strong cybersecurity culture is one of the most important steps toward preventing cyberattacks.
“You can’t have good cyber unless you have good people. Cyber is a people business, first and foremost,” he said. “Everyone in the organization needs to be responsible for information security — not just database administrators or IT employees.”
Some of the challenges facing government are shrinking workforces and budgets. The government must do more with less — and this has consequences for agencies' security posture. Employees who are overworked, disengaged or underutilized are more likely to make security mistakes or miss a potential threat. That's why educating your workforce can prove to be the number one weapon in security.
“Investments here pay big dividends. Make security awareness part of everything you do — when you have meetings, new employee orientation and other touchpoints with employees,” said Condrey. “Work on changing the environment and work culture to one that appreciates the importance of information security and knows exactly what you’re protecting. Organizational cultures that are good for employees are also good for informational security.”