The cost of a cybersecurity breach is staggering.
In fact, according to Cisco’s “2018 Annual Cybersecurity Report: Impacts on Government,” 87 percent of attacks on the public sector cause the entities they attack $1 million or more in damages, with 95 percent causing more than $500,000 in damages. Just ask the city of Atlanta, which was stuck with a nearly $3 million bill after a recent attack on the city’s government. But Atlanta is just the most recent example, as nearly three-quarters (74 percent) of public sector agencies have experienced cyberattacks on their operational technology infrastructure, the Cisco report finds.
The bad news, however, is that attacks on the public sector are only likely to get worse as cyberthreats become ever more sophisticated.
“Ransomware no longer requires a user to click on the wrong link or attachment. WannaCry and Nyetya used vulnerabilities and worms to effectively and expeditiously spread ransomware — the latter actually being delivered in a software update of a tax software package,” says Dan Kent, Cisco Systems’ public sector CTO. He adds that malware is also becoming more evasive against existing means of detection, alongside a dramatic increase in malware using encryption.
On top of this, threats are finding new ways into public sector entities by leveraging legitimate cloud tools and applications to create their command-and-control channels.
As these new threat vectors arise and current forms of malware and ransomware get more sophisticated every day, the public sector is struggling to keep up. The number of public sector attacks outpaces that of the private sector, where just 46 percent of organizations in the U.S. have experienced a serious security breach, according to a recent Cybersecurity Insight Report by CDW and research firm IDG. This has much to do with the resources available to the public sector.
“Cybersecurity is like a cat-and-mouse game: When one threat gets addressed, another shows up, which leverages a new method or vulnerability,” says Kent. He notes that while the public sector has done a good job gaining visibility into its assets and working on basic cyber hygiene, a lack of resources and an abundance of attack-prone legacy systems put the public sector at greater risk.
Although these threats are already top of mind for most agencies, what will it take to stay ahead of threats in the long run? According to Kent, agencies with a solid first line of defense and a comprehensive cyber policy are most likely to adapt to these new threats.
Holistic Cybersecurity Keeps New Threats Out
So, what’s the first line of defense? A holistic approach to security that makes use of end-to-end architecture and multiple lines of defense is the best way to keep agencies safe.
“This creates an environment of many systems working to address the multiple attack methods. It is important that data and insight from each of these systems be shared with the other systems to provide a better holistic picture,” says Kent.
Visibility is also key.
“You can’t protect what you cannot see,” says Kent. “The way to stay in front of the ever-changing threat landscape is to have consistent and ongoing visibility of your environment, and benefit from the resulting insights.”
Smarter Threats Call for Cognitive Security Tools
While security and event management tools previously offered agencies the visibility they needed into their operations, the evolving threat landscape demands even more sophisticated tools, including machine learning and artificial intelligence-based tools that can provide near real-time visibility and threat intelligence.
“Integrating a global threat analytics database feed enables the tools to maintain up-to-the-minute threat visibility and mitigation. This means that network devices, security devices and endpoints should all participate in the overall assessment and monitoring of the landscape,” says Kent.
Behavioral analytics tools are likely to be the best instrument that agencies have for mitigating these new types of attacks.
“These tools are not dependent on knowing the malware; rather, they provide visibility into the action on the systems that are being attacked by the malware and, thus, are useful on all malware,” says Kent. “Detecting anomalous behavior on the systems in real time helps start to mitigate the situation as soon as it is detected, limiting the impact. After the event, forensics of this behavioral analytics can be used to understand exactly what the malware is and how it arrived.”
Determined, Innovative CIOs Can Keep Public Sector Threats at Bay
While the threat landscape will likely only become more dangerous, if public sector CIOs continue to adopt innovative technologies and focus on a holistic, threat-centric approach, they can likely keep these threats at bay.
“The CIO should drive processes that leverage best security practices in the industry, especially around application, system and appliance patching,” says Kent.