Identity-based cybersecurity threats are on the rise. The number of phishing attempts — the most common type of cyberattack — increased 62% from 2023 to 2024, for instance, and identity-related incidents have directly affected 84% of organizations this year, a 68% increase from 2023. What’s more, identity breaches are often the first step to a larger cyberattack, and the public sector is a primary target.
Cybercriminals “are trying actively to hit and target governmental agencies to impact them negatively [and] take them down,” said Alexandra Weaver, Senior Solutions Architect at Semperis, which offers a comprehensive active directory security and recovery platform that protects hybrid environments from identity-based threats. Because state and local agencies are responsible for critical infrastructure, attacks can be disastrous for communities and constituents.
Protecting your active directory (AD) — the core identity system for most organizations — is critical. “Active directory holds the keys to your kingdom,” said Weaver. “It is your source record of identity. Everything lies there…, and that’s exactly what cybercriminals target.”
Watch Your Environment
There are certain things you can do to keep your environment secure, explained Weaver. You can use a tiered administrative model, such as just-enough administration that limits how long someone can access a system and assigns exact permissions for specific tasks. You also can establish privileged access workstations and require multi-factor identification for administrative accounts, she said.
Weaver also recommends a layered security approach with network segmentation. Active directory administrators know they can’t have a single point of failure, she said. “We can’t just rely on one thing and one methodology.”
Overall, Weaver emphasized the importance of having a plan. “It’s not [just] important that people have a disaster recovery plan in place, it’s actually critical if you want the operation of your business to survive.”
Get to Know Your Solution
As you build your plan, an identity threat detection and response (ITDR) solution can help you efficiently monitor, detect and respond to threats, “cut[ting] weeks to days, days to hours, and hours to minutes,” Weaver said.
You can test a solution in an isolated lab, evaluating what it provides to help you get up and running again after an incident. An effective solution should focus on what happened and on how, when, and where someone got into your environment. “You want to take the heavy lift out of the situation,” said Weaver.
Semperis’ Purple Knight tool helps administrators identify and remediate system vulnerabilities. There’s also Forest Druid, a Semperis tool that allows agencies to define their most critical, Tier 0 assets and secure them, from the inside out, against identity attack paths, Weaver said. “So, that’s a way in which you can really look down and lock down your permissions in AD,” she added.
With identity threats growing each day, it’s essential to practice recovery operations under non-emergency conditions, to see how well your incident response plan works. “Don’t just draft it out,” said Weaver. “Actually follow it [and] practice now while you’re not under pressure.”
This article appears in our guide, “Going Places: Priorities for State and Local Tech.” To learn more about how state and local agencies are making the most of technology, download it here:
