Did you know that 2015 saw one of the worst government data breaches in history with 21.5 million identities exposed? With such a daunting threat landscape, security becomes everyone’s job.
In the recent GovLoop online training, What’s the Cyberthreat Landscape for Government?, we heard from Paul Wood, Cybersecurity Intelligence Manager, Symantec, and Robert B. DiNardo, Assistant Section Chief for the Cyber Intelligence Section, Federal Bureau of Investigation. They discussed Symantec’s 2016 Government Internet Security Threat Report’s findings and how to secure your data more effectively to prepare for potential attacks.
“Attackers make it hard to track their crimes. They are more professionalized in what they’re doing,” said Wood. There are so many new types of attacks to worry about, such as zero-day attacks, which are an unknown vulnerability that exists within a software or technology that can be exploited and attacked. With things like this, how can the government protect itself?
DiNardo covered three things to keep in mind while going through your cybersecurity landscape.
Look at your threat actors. Every attacker is after different information, which makes each attack different. Examples of threat actors include nation-states, terrorist groups, criminal groups and lone offenders. “Nation-states are the most advanced actors because they can be dedicated to their resources, infrastructures and they have the ability to create a cyber supply chain,” said DiNardo. Looking at motives, capabilities, opportunity and historical activity will help you become more secure.
Look at the vulnerabilities. Looking at your system and looking for flaws is where you should start to improve things. You are susceptible to exploitation and/or attacks by a threat actor, but doing your research and improving your cyber landscape could protect you from your vulnerabilities.
Look at the impact. The impact is the level of harm to your safety, economy, operations or public trust. A way to measure the impact is to see what data the threat actor has taken, such as classified information. “The FBI is responding by having security investigations and intelligence tools such as recruitment and training of cyber personnel,” said DiNardo.
“There are two types of organizations; those that know and those that don’t know they have been attacked,” said Wood. If you know your organization has been attacked, go over your security landscape.
If you go over these three things while thinking about your cyberthreat landscape, you will be able to effectively prepare for cyberattacks, train your cyber workforce and make security everyone’s mission.