This interview is an excerpt from GovLoop’s recent research guide, The Current State of Government’s Cybersecurity.
Now that some of the greatest threats to the United States are from cyberattacks, rethinking your agency’s defense infrastructure is critical. “The federal government has done a good job of investing across the board in protecting their infrastructure from outside threats, but protecting against breaches from the inside is the next big investment area,” explained Jim Kunkle, Vice President, Public Sector at Symantec, a global leader in cybersecurity.
In its 2016 Internet Security Threat Report, Symantec reported that 48 percent of cyber breaches in the U.S. government were the result of accidental data exposure or loss by well-meaning employees. An additional 10 percent were the result of actions by malicious insiders. It comes as no surprise, then, that government agencies are taking action to protect their infrastructure against insider threats.
Agencies need nimble solutions to prevent varied types of insider attacks, especially since attack tactics are constantly changing. Using data gathered from hundreds of millions of emails and enterprise customers, Symantec’s Global Intelligence Network helps agencies recognize their security weaknesses. “It’s really about determining what the mission critical information is, locking that information down, and then being able to continue operations in a compromised manner,” Kunkle said.
One strategy government has adopted to limit insider threats is a stronger authentication process. It is easy to control and monitor access via a government-supplied computer on the agency’s network thanks to the adoption of identification cards such as the Common Access Card (CAC) used by the Department of Defense. But as needs for access to government data become increasingly mobile, this system of protections may no longer be effective.
Instead, identity protection needs to be incorporated into online, mobile programs, like Symantec VIP software for information protection. This two-factor authentication system is especially helpful for government agencies that provide electronic capabilities or access to citizens. For example, the Department of Veterans Affairs is also using a two-factor authentication system in the enterprise portal that veterans use to apply for benefits.
Protecting logins can only go so far in limiting threats, so it’s important to offer employees better training to prepare them for cyber threats and attacks.
Email phishing attacks have increased by 55 percent from last year, and they are also becoming more targeted, making it harder for agencies to defend against them. In response, tools like Symantec’s Phishing Readiness are designed to help organizations test and train their employees. The program helps teach workers how to recognize and avoid phishing attacks in emails, allowing them to better protect both themselves and their employer.
Government agencies should not limit themselves to defensive strategies to protect against cyber threats; offensive capabilities are essential as well. Tools like Symantec’s Cyber Simulation help employees train while helping employers identify the best for their IT teams. Similar to how a pilot can practice flying a plane under a variety of conditions in a flight simulator, cybersecurity employees can use the simulation to practice identifying cyber attacks while understanding how hackers penetrate a system.
The simulation can be customized to allow agencies to perform different offensive tasks. For example, one custom engagement focused on trying to disable and disrupt critical government infrastructure around an oil company, including financial and logistical systems.
“It’s difficult to be able to test your skills in terms of live hacking and offensive capability without actually taking down a network,” Kunkle explained. Cyber simulations offer the opportunity to test a team without doing actual damage.
There is no easy, single solution to stop insider threats, and Kunkle warned that agencies should be investing in a number of technologies to prevent system exposure. Through commitments to data encryption, data loss prevention and lockdown technology that limits access privileges, governments can significantly diminish the potential for disastrous insider threats and protect information.
Constant defense against cybersecurity threats is the new normal for government agencies with valuable electronic data. Adequate protections should safeguard three main areas: your infrastructure, your agency’s information and identity protection for both your employees and any citizen-oriented services.