This interview is an excerpt from GovLoop’s recent Guide to Government’s Critical Cyberthreats. This research guide explains the various cyberattacks government endures and provides steps to safeguard your information systems.
In a recent survey conducted by independent research vendor Market Connections on behalf of SolarWinds, 44 percent of respondents said that the increased sophistication of threats was the primary reason agencies are becoming more vulnerable to cyberattacks. An additional 26 percent cited the sheer increase in volume as a top concern.
Mav Turner, Director of Product Strategy at SolarWinds, explained how to wade through those mounting threats to achieve better security. “First, you have to consider who is the attacker? You should have clearly defined defenses deployed to protect against internal and external attackers. Second is the how. What are the specific types of attacks that you are most vulnerable to and do you have appropriate prevention and detection strategies in place,” he said.
KNOW THE SOURCE OF YOUR THREAT
Regarding sources, Turner distinguished between external and insider threats and said it’s important to identify which is most likely to expose your organization. While we commonly think of external attackers as the main instigators of breaches, SolarWinds’ survey found that 68 percent of IT professionals reported security breaches caused by human error and an additional 25 percent of respondents reported privileged access abuse by organization employees.
Internal attackers often have privileged access to systems that they can take advantage of. Also, internal users have access to confidential data as part of their job. Ideally that data would never leave the direct ownership of the agency, but with mobile devices more prevalent than ever, it’s very difficult to ensure sensitive data doesn’t get out.
“The trick is always to look at the concerns for your specific agency,” Turner said. “IT Pros need to understand what services and what systems they have, how they operate, and who uses them.”
ADDRESS INSIDER THREATS WITH TOOLS AND TRAINING
Once you identify the internal or external threats that your agency is most susceptible to, it’s time to apply solutions. “With the combination of tools and investment in people, you can help address many of the human errors,” said Turner.
It begins with training. Especially as agencies accrue new solutions, the need for training becomes more crucial. “As the complexity of an environment increases and you bring in new technologies like cloud or software-defined networking, and as those technologies become critical to the infrastructure, human error increases because workers don’t have the training to manage these systems,” Turner said.
While most organizations know that education can greatly reduce the risk of human error, it is rarely delivered effectively. Turner cited the tendency to prioritize operations over security, as well as time constraints on IT staff, as major barriers to success. To overcome those barriers, agencies should consider complementing training with effective technology suites.
While insider attacks often abuse weaknesses in process and in the training of other employees, Turner said you shouldn’t discount technical solutions that can help mitigate human errors. In particular, automation can build safeguards into processes and free up time for IT staff to focus on security.
“For instance, products that automate network configuration management can require multiple parties to approve any one change. So before anyone makes a change to the infrastructure, someone else has to look at it and determine if it could create a vulnerability,” he explained. That way, even if one person does make a mistake, the tool will help ensure it is noticed before the change is released.
Automated patch management tools can also minimize the potential for human error by automatically repairing vulnerabilities in third-party software before an employee can be tricked into running something that abuses the flaw to execute an attack. Automated patch deployment also saves IT staff valuable time, allowing them to focus less on everyday operations and more on advanced security efforts.
“Automation is absolutely critical to any security team,” Turner continued. “The other necessity is tighter integration between operations and security.”
Performance management tools can provide greater transparency into the operations of your systems, as well as into abnormal activity that might point to an attack or breach. “So all the performance monitoring tools actually help provide the visibility to improve security and it helps bring together operational and security teams in the process,” Turner said.
SECURITY TO DELIVER BETTER SERVICE
Finally, Turner explained how investing in training and tools to mitigate human errors can ultimately lead to better government. “If you have the right people, process, and tools in place to operate efficiently, in addition to improving security, you’re also likely delivering better service,” he concluded. “When IT has a problem, the whole agency has a problem. But by making sure you’re applying the right resources and decreasing human error, agencies can focus on their mission, rather than worrying about the tools they are using to accomplish that mission.”