What can we do about public-sector security breaches?
- By Sherban Naum
- Aug 19, 2019
Just as the sun comes up every morning, cybercriminals continually change their tactics to counter the latest defenses. That shift was highlighted in this year's Verizon Data Breach Investigations Report, which described the changing face of cybersecurity threats. For public-sector organizations, one of the most concerning findings is that 66% of breaches can now be attributed to cyber espionage, with attackers seeking to gain access quietly and exfiltrate data. For government agencies this is particularly worrying given the high-value assets they must protect. It's critical that agency security teams keep up with the evolving methods attackers deploy.
Subtle is in
This year's Verizon report paints a clear picture of attackers taking a more subtle approach to reaching high-value public-sector assets. Espionage-motivated intruders don't announce their presence the way noisy ransomware attacks do. Instead, they silently gain network access and remain undetected while they conduct reconnaissance, listen in on state secrets, insert backdoors, escalate privileges and exfiltrate data. The longer the dwell time (the period between an attacker's first unauthorized access and its discovery), the more damage they can inflict. The system used as the point of entry is rarely the attacker's goal. Instead, attackers look for a weakness to exploit, then move laterally through the network to reach high-value assets. They are now playing the long game.
Government agencies and their operations span the globe, with millions of employees and countless pieces of software and hardware that present a rich and porous attack surface. Unfortunately, identifying attackers and preventing breaches has become harder. Despite collecting huge amounts of data from various security monitoring tools, security teams are often unable to see the big picture. Overloaded teams focused on putting out fires rarely have time to proactively hunt for threats or to correlate seemingly unrelated alerts involving applications, endpoint devices and users.
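The correlation that overloaded teams rarely get to is mechanical once alerts from different tools share a common entity such as a user or host. The following is an added example and is not code from the article, from Verizon or from Bromium. It takes constructed alert lines from three assumed tools (a web proxy, an endpoint agent and an identity provider; the line format, field names and kill-chain labels are assumptions for this illustration, not any vendor's schema), links alerts that share a user and arrive within a time window without moving backwards in the kill chain, and reports each chain together with the span from its first to its last observed event.

```python
"""Correlate alerts from separate tools into one intrusion timeline.

Added example for this article; not code from the article, Verizon or Bromium.
The alert lines, tool names, field layout and stage labels are constructed for
illustration and are not any real product's schema.
"""
from datetime import datetime, timedelta

# Kill-chain order used to decide whether a new alert advances an intrusion.
STAGES = ["delivery", "execution", "privilege", "lateral", "exfil"]

# Constructed sample alerts from three tools (proxy, endpoint agent "edr",
# identity provider "idp"). Each line alone is low priority; five of them,
# spread over nine days and two hosts, describe a single intrusion.
SAMPLE_ALERTS = [
    "2019-06-01T08:00:00Z proxy host=ws-1138 user=jdoe stage=delivery msg=blocked ad-network domain",
    "2019-07-02T09:14:05Z proxy host=ws-1138 user=jdoe stage=delivery msg=invoice.doc fetched from 3-day-old domain",
    "2019-07-02T09:15:41Z edr host=ws-1138 user=jdoe stage=execution msg=winword.exe spawned powershell.exe",
    "2019-07-02T10:01:00Z edr host=ws-2201 user=asmith stage=execution msg=unsigned binary blocked",
    "2019-07-03T22:07:19Z idp host=ws-1138 user=jdoe stage=privilege msg=jdoe added to local Administrators",
    "2019-07-08T03:40:02Z edr host=fs-07 user=jdoe stage=lateral msg=remote service installed from ws-1138",
    "2019-07-11T11:02:55Z proxy host=fs-07 user=jdoe stage=exfil msg=4.2 GB POST to unknown host",
]


def parse_alert(line):
    """Parse one constructed alert line: timestamp, tool name, then key=value
    fields, with msg= absorbing the rest of the line (assumed format)."""
    parts = line.split()
    event = {"ts": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"),
             "source": parts[1]}
    for i, token in enumerate(parts[2:], start=2):
        key, _, value = token.partition("=")
        if key == "msg":
            event["msg"] = " ".join([value] + parts[i + 1:])
            break
        event[key] = value
    return event


def _advances(prev, ev, window):
    """True if `ev` follows `prev` within `window` and does not step backwards
    in the kill chain (the same stage repeating is allowed)."""
    return (ev["ts"] - prev["ts"] <= window
            and STAGES.index(ev["stage"]) >= STAGES.index(prev["stage"]))


def correlate(lines, window=timedelta(days=7), min_stages=3):
    """Link alerts that share a user into chains and return the chains that
    reach at least `min_stages` distinct kill-chain stages, oldest first.

    Grouping on the user rather than the host is deliberate: in the sample the
    attacker moves from ws-1138 to fs-07 but keeps using the stolen identity.
    Requiring forward progress through several stages is what keeps isolated,
    unrelated alerts (a blocked ad domain, one blocked binary) out of the result.
    """
    events = sorted((parse_alert(l) for l in lines), key=lambda e: e["ts"])
    open_chains = {}  # user -> chain most recently extended for that user
    chains = []
    for ev in events:
        if ev["stage"] not in STAGES:
            continue  # unknown label: cannot be placed in the kill chain
        chain = open_chains.get(ev["user"])
        if chain is None or not _advances(chain["events"][-1], ev, window):
            chain = {"user": ev["user"], "events": []}
            chains.append(chain)
            open_chains[ev["user"]] = chain
        chain["events"].append(ev)

    results = []
    for chain in chains:
        stages = []
        for ev in chain["events"]:
            if ev["stage"] not in stages:
                stages.append(ev["stage"])
        if len(stages) < min_stages:
            continue
        first, last = chain["events"][0]["ts"], chain["events"][-1]["ts"]
        results.append({
            "user": chain["user"],
            "hosts": sorted({ev["host"] for ev in chain["events"]}),
            "stages": stages,
            "first_seen": first,
            "last_seen": last,
            # Span between first and last observed event. True dwell time
            # runs until the intrusion is found and closed, so this is a
            # lower bound on it.
            "dwell": last - first,
        })
    return results


if __name__ == "__main__":
    for chain in correlate(SAMPLE_ALERTS):
        print(f"{chain['user']}: {' -> '.join(chain['stages'])} across "
              f"{', '.join(chain['hosts'])}; observed dwell {chain['dwell']}")
```

Run as-is, the script reports one chain for jdoe spanning both hosts with an observed span of just over nine days; the June delivery alert and asmith's blocked binary are left out because neither progresses into a multi-stage chain. The window is the tuning knob a team would adjust: shrinking it to one day breaks the sample intrusion into fragments that no longer meet the stage threshold, which is exactly the blind spot the article describes for slow, patient espionage activity.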
How do we protect high-value assets?
Protecting high-value assets has turned into a game of cat and mouse. For government agencies to win it, they must adopt layered defenses that isolate applications so that malicious activity can be identified and contained. This applies protection at the most common point of entry, the endpoint, and makes it far harder for attackers to gain a foothold in agency systems. It also shrinks the attack surface by containing the usual routes into the enterprise (email, browsers and downloads): content arriving through them runs in an isolated environment rather than directly on the host.
By turning the endpoint from a traditional weakness into an intelligence-gathering asset, agencies get detailed threat telemetry about the attacker's tools and intent that helps them harden the entire defensive infrastructure. This strategy gives security teams the big picture, reduces false positives and allows malware to detonate inside the isolated environment with no impact on the host. Isolation stops attackers at the point of entry and gives security teams the time and information they need to analyze the real threats they face.
Cyber espionage will continue to be a problem for both the public and private sectors. How government agencies combat a determined, persistent adversary matters because, so far, attackers have still been able to gain access to enterprise systems regularly. To get different results, government agencies must devise new strategies to protect their high-value assets. Cyber espionage is not going away, and the stakes are too high to keep doing things the same way.
Sherban Naum is senior vice president for corporate strategy and technology at Bromium.