In today’s threat environment, where ransomware and other attacks aim to steal and exploit user credentials, a focus on identity “is the first step in securing state and local systems,” said James Imanian, Senior Director, U.S. Federal Technology Office at CyberArk. Yet many state and local IT teams struggle to implement strong identity controls.
“Limited budgets mean that they’ve got older IT infrastructure,” and IT teams may be unable to adopt modern cybersecurity strategies, he said. And they may be slow to adapt, simply because normal bureaucratic hurdles get in the way.
This means agencies often lack the tools needed to adequately address today’s cyber threat — but there are steps agencies can take to strengthen their identity security.
Getting More Secure
“At the tactical level, organizations that haven’t implemented multifactor authentication (MFA) need to do so,” Imanian said. “That really needs to be a cornerstone of their identity security practice.”
IT teams also need to regularly patch their systems. “The vulnerabilities the threat actors are using are often four or six months old,” Imanian said. “If you have the ability to patch quickly, those incidents may not happen.”
Security teams can implement strong password policies, using tools such as business password managers and single sign-on — which enable the use of more complex passwords without requiring people to memorize them. In addition, IT should lean more heavily into employee training and awareness.
“The human is your first line of defense: It’s not your weakest link, it’s your strongest,” Imanian said. “[People are] going to be in the trenches, they’re going to be doing the workflows. They’re going to see those phishing emails, and you really need to train them well.”
Making a Difference
As a global leader in identity security, CyberArk helps, offering a platform that can be the first line of defense against malicious actors and unauthorized access. “CyberArk brings an identity security platform approach, to protect every identity with the appropriate level of privilege controls,” Imanian said. “It enables secure access for any identity, human or machine, to any resource or environment, from anywhere, using any device.”
The technology supports the discovery and management of user credentials and enables agencies, Imanian said, to isolate those credentials and the sessions those credentials initiate. It also enables agencies to record and audit the sessions for compliance and incident response.
The Chico Unified School District offers an example of what’s possible, said Imanian. With a small IT team and a large number of users, “CyberArk helped them improve their identity security by strengthening their passwords, applying MFA and managing privileged access across their school district,” he said.
Ultimately, to make best use of scarce resources, IT teams should address identity as part of a larger cyber strategy. “Understand the applications and the workflows that enable your mission, as well as your adversary’s intent and capability,” Imanian said. “Work with leadership to look at the big picture.”
This article appears in our guide, “Going Places: Priorities for State and Local Tech.” To see more about how state and local agencies are making the most of technology, download it here:
Leave a Reply
You must be logged in to post a comment.