Reduce the noise to strengthen agency cybersecurity defenses

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By John Nemoto and Chris Lavergne
 

Connecting state and local government leaders

By John Nemoto and Chris Lavergne

|

With up-to-date robust tools, detailed processes and policies and an involved cybersecurity workforce, agencies can reduce the noise in network traffic and spot the hidden and more complex risks and threats.

Technology advances have given cyber criminals and hostile nation-states more tools to breach networks and gain access to sensitive data, relegating standard perimeter security tools and firewalls to mere first-layer status. Attacks are growing increasingly sophisticated, more devastating and much harder to identify and mitigate, especially in vast government agency networks with countless points of entry. Even with aggressive defenses, network perimeter breaches are inevitable.

Federal agencies must have robust tools and technologies in place to help administrators identify and contain irregular activity. The ability to quickly and reliably spot, resolve and protect against threats by reducing the noise is paramount.

That noise -- the enormous volume of network traffic -- is the problem. Noise can make it nearly impossible for a security analyst to differentiate between legitimate data exchanges and security risks. A comprehensive cybersecurity framework helps reduce the noise so anomalies are more readily apparent.

There are five crucial elements of a noise-cancelling cybersecurity framework:

1. Maintaining a security-focused approach to development

Not all networks are built with security as a primary objective. DevSecOps provides a security-focused approach throughout the development process when implementing new tools, resulting in a more secure end product.

For many years, a DevOps approach was the traditional way of implementing new software across government, because it prioritizes business functions to facilitate organizational decision-making. Security was important, but not a core consideration during development.

DevOps is effective, but by not building security into the process from the beginning, it can leave developers with security vulnerabilities that are too costly or too time consuming to address after-the-fact.  DevSecOps helps to change the underlying business culture to one that embraces security and considers the downstream security impacts of decisions. Doing so helps organizations choose solutions and processes that are secure and helps close many cybersecurity vulnerabilities earlier in the development process. 

2. Employing layered protection tools

With a security-focused approach to development, agencies start from a position of strength to defend against breaches. Adding protection tools helps to fortify an organization’s defenses further.

Securing organizational data is the primary goal of any cybersecurity framework. To do so effectively, agencies should employ security at multiple levels. Securing the network, and all the underlying systems and devices that access it, neutralizes the majority of threats. That makes it easier to spot nefarious activity.

There are several types of layered security approaches. Perimeter and endpoint security act as an initial barrier, protecting against the most common breach methods that hackers deploy. Perimeter security filters the most obvious network threats, reducing the amount of data traffic and making the threats that make it through simpler to flag.

Endpoint security allows agencies to understand how devices should behave while on the network and can help identify anomalous requests that can indicate someone has penetrated the network. Endpoint security policies, which define what capabilities employee devices should have and bind devices to only their necessary functionality, can prevent hackers from accessing and using employee devices to penetrate the network further.

Zero-trust authentication protocols can help ensure that hackers who have commandeered employee devices or breached the external network do not have free rein to access sensitive data. Zero-trust assumes that every attempt to access the system is from an unknown entity and requires proper credentials, every time, before granting access. 

3. Engaging in effective, real-time threat monitoring

Real-time threat monitoring is effective only with security tools filtering out most of the more rudimentary attacks and ensuring devices and systems are behaving as they should. Because these tools have an understanding of each system’s intended function, they can more quickly detect and alert administrators to suspicious activity. As such, security teams can focus less on monitoring network traffic and more on anomalies requiring quick resolution.

Advanced approaches to real-time threat monitoring allow agencies to be proactive in the fight against cybersecurity threats. One such approach is a security operations center, which establishes a specific centralized function within an organization that is designed to continuously monitor and improve cybersecurity posture. With excess data filtered out and a team specifically dedicated to analyzing cyber threats, an organization’s administrators can become threat hunters.

4. Providing comprehensive cybersecurity education and training

Even the most robust cybersecurity tools work best alongside a strong, comprehensive cybersecurity training and education program.

Agencies should educate their workforce consistently on present-day cybersecurity threats. The social engineering schemes that hackers employ, designed to steal login information and install malware on systems, are much less likely to be effective when employees are aware of the methods cybercriminals are likely to use. A 2020 study highlighted that breaches due to insider risks have increased by 47% since 2018. Moreover, about 62% of the breaches that resulted from insider risks were due to employee negligence or inadequate training.  Emphasizing the importance of vigilance against threats and making workforce training a priority throughout the agency reduces cybersecurity noise from within the organization, allowing administrators to keep the number of threats they face manageable. 

5. Choosing the right strategic partner

With a combination of smart tools and an educated, engaged cybersecurity workforce, an agency has the building blocks of a strong cybersecurity posture. Even so, putting them all together to form a strong defense against cyberattacks requires guidance from the vendor providing or helping to implement the tools.

A strategic partner brings knowledge of what has worked for other agencies and what issues others have encountered, and it can prevent agencies from repeating mistakes others have made. Additionally, working with a vendor that can provide solutions, tools and the services that keep agencies secure creates a closed development process that results in more secure data exchanges between systems. There is also an inherent compatibility between systems that are designed to work together. Choosing the right strategic partner provides the context and expertise agencies need to put together all the pieces of a strong cybersecurity framework.

Preparing for emerging cybersecurity threats

Taking the steps outlined above, agencies can secure sensitive data effectively and ensure underlying systems prevent threats from penetrating other key areas. However, the battle does not end once an effective cybersecurity framework is in place. As threats and risks evolve, cybersecurity prevention tools and processes quickly become outdated.  Agencies must be forward thinking, looking to continuously adapt to evolving risks and threats by educating their workforce and updating obsolete tools and processes. With up-to-date robust tools, detailed processes and policies and an involved cybersecurity workforce, agencies can reduce the noise and spot the hidden and more complex risks and threats.

NEXT STORY: Shared tactics between emergency response and IT defense

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.