Cybersecurity has begun a new chapter, and it’s time for agencies to flip the page. The old moat-and-gate model is antiquated, but still, many agencies operate with the assumption that their attackers are on the outside looking in.
Unfortunately, bad actors are likely on the inside of agency networks and systems right now, and if not, they will be soon. How far they go, and how much damage they do, is determined by security structures.
“While cyberattacks are inevitable, negative business impact is not,” said Kevin Jermyn, Federal Customer Success Manager at CyberArk, which specializes in identity security.
Those clinging to the vestiges of rotting security structures could meet nightmarish attacks. But those willing to transition to modern models that recognize attacks past the surface can protect their assets.
In a few easy motions, agencies can begin that transition.
1. Assume breach
Agencies must begin with an “assume breach” mindset. Simple identity safeguards, like locking accounts after too many password attempts, aren’t enough.
During the SolarWinds breach, purportedly the work of nation-state actors, attackers worked methodically and sophisticatedly so as not to trip any wires or raise any red flags. These kinds of attackers are well-equipped and don’t act carelessly in search of a quick payout.
To frustrate hackers and make them resort to desperate approaches, agencies can employ privilege. With least privilege, employees can only access network resources if they’re essential to their job. One-off permissions are handled ad-hoc.
“Implementing preventative controls that consistently enforce least privilege will help buy an organization invaluable time,” Jermyn said.
2. Promote transparency
The first step to stopping a breach is spotting an attack. The next is reporting it.
But when it comes to communication, cybersecurity is sadly an area clouded with secrecy. Often, no one wants to report an attack, afraid of being the messenger. But in the hiatus between first signs and first report, the attack snakes across systems, inflicting all the more damage.
Agencies need greater cooperation and transparency from all parties. Employees should have a clear reporting pipeline for when they notice something amiss, and they need to feel secure doing so – possibly pointing to confidential disclosure. For vendors, government can ensure specific items for cybersecurity action and transparency, like confidential reporting, are a part of every contract.
3. Prioritize identity
All signs point to identity as the future of cybersecurity. Identity-centric security works off the principle of least privilege for access management and secures both human and machine entities.
A leader in privileged access management, CyberArk uses AI to eliminate friction and provide a seamless end user experience. Real-time analytics and processing can quickly detect suspicious behavior to snuff out cyberattacks.
Identity covers three main areas: authentication, authorization and auditing. In order, it processes credentials, proves identity and creates a paper trail of behavior. That means agencies can stop hackers in their tracks and trace back their steps to shore up the enterprise.
“Identity security accelerates business agility, while giving agencies the peace of mind that their crown jewels will be shielded from attacks,” Jermyn said.
This article is an excerpt from GovLoop’s recent guide, “Your Cybersecurity Handbook: Tips and Tricks to Stay Safe.” Download the full guide here.