If your agency hasn’t experienced some troubling cybersecurity incidents in the past year, you’re one of the few. In 2019 alone, federal agencies reported nearly 29,000 cybersecurity incidents. An increasing number of those involve ransomware, malware that encrypts an organization’s files so the attackers can demand a ransom for the decryption key.
There’s good reason why ransomware and other types of malware continue to plague organizations. Cybercriminals keep devising new ways to get what they want, and their attacks can result in lucrative payoffs.
The best way to deal with cybercriminals is by meeting them head-on through proactive defenses and countermeasures. Let’s put it this way.
Your mission, should you choose to accept it: to detect and eliminate threats across all your assets. You’ll be going up against the best and brightest, but with the right approach, the right tools and the right attitude, you can get the job done.
Step 1: Preparing for the mission
Standalone tools such as encryption and response automation are important weapons in your arsenal, but they aren’t enough. There are a few reasons why:
1. Tools can interfere with each other. If your agency runs two antivirus tools and both detect a threat in a recently downloaded file, each program may try to quarantine it, and the two can end up blocking or undoing each other’s actions. The same problem affects other types of tools: one security product may flag another product’s agent as malicious and remove it, leaving a gap neither vendor intended.
2. Sometimes, the more tools, the more complex the response. The sheer number of tools can cause interoperability problems, capability redundancies, or, worse yet, reduced effectiveness. Having too many tools gives the illusion of better security, when the opposite could be true. One study found that organizations using 50 or more security tools ranked themselves 8% lower in their ability to detect an attack, and 7% lower in their ability to respond, as compared to respondents with fewer tools.
3. Some older cybersecurity tools aren’t compatible with newer technologies or the cloud, which leaves them far less useful than they appear. Say that your agency began using a specific network firewall 10 years ago, around the time it was revamping its network. That firewall was effective when nearly all traffic crossed a single perimeter, but in today’s distributed, cloud-based environment much of the traffic between users, cloud workloads and SaaS services never passes through it. The tool still shows up on the inventory, but you’re not getting the protection you think you have.
Step 2: Readying your troops
In this case, your troops are your capabilities. The best way to defeat the enemy is by having the right specialists in your squadron working as a unit.
The first specialist is security testing. Penetration testing is one of the best ways to understand your agency’s vulnerabilities and how hackers could exploit them. With this information, you can better prevent, detect and respond to security incidents. The most effective testing requires the right focus — one that thinks like the bad guys. That’s why many agencies use testing experts — often, independent, trusted third parties. They understand the landscape and can achieve results.
Second is threat detection and response. When it comes to stopping cyberattackers in their tracks, speed is the key. The quicker you know what you’re dealing with, the quicker you can stop it.
Specialist first class threat-hunting is up next. Looking for threats before they become bigger problems is the best way to protect an organization. Threat hunting starts from the assumption that something has already slipped past your automated defenses, and proactively searches agency systems, logs and network pathways for the traces an intruder leaves behind so that the threat can be isolated early. The most effective threat-hunting combines well-defined processes, security tooling and skilled human analysts, because the attacker behavior worth finding is often the behavior no existing signature describes. To get the best results, use experts in threat hunting and digital forensics who know how to find and remove an intruder.
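As an added illustration of what a hunt looks like in practice (this is example code written for this page, not material from the original article or from Trustwave or ThunderCat), the Python below runs a simple ransomware hunt over constructed endpoint file-event telemetry. The log format, host and process names, the 60-second window, the threshold of five renames and the list of ransom-note filename prefixes are all assumptions for the illustration, not any product’s schema or a tuned production rule. The hunt looks for a burst of renames that change a file’s extension from one process on one host, then checks whether that process also dropped a file that looks like a ransom note. A backup agent renaming files slowly is included in the sample so the rate check, not just the extension change, is what separates the two cases.

```python
"""Hunt for ransomware-like file activity in endpoint file-event telemetry.

Added example with constructed sample data; the log format, names and
thresholds below are assumptions for illustration, not a product schema.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # sliding window for the burst check (assumed)
THRESHOLD = 5                   # extension-changing renames per window that trigger a finding (assumed)
# Filename prefixes that commonly mark a dropped ransom note (assumed list)
NOTE_PREFIXES = ("readme", "recover", "decrypt", "how_to", "restore")

# Constructed sample log (not real agency data): ts|host|process|action|path|new_path
SAMPLE_LOG = """\
2024-03-04T09:00:01Z|ws-117|WINWORD.EXE|rename|/shares/finance/budget.docx|/shares/finance/budget-final.docx
2024-03-04T09:00:05Z|ws-117|WINWORD.EXE|write|/shares/finance/budget-final.docx|
2024-03-04T09:01:00Z|srv-fs01|backup-agent|rename|/shares/hr/a.docx|/shares/hr/a.docx.bak
2024-03-04T09:01:30Z|srv-fs01|backup-agent|rename|/shares/hr/b.docx|/shares/hr/b.docx.bak
2024-03-04T09:02:00Z|srv-fs01|backup-agent|rename|/shares/hr/c.docx|/shares/hr/c.docx.bak
2024-03-04T09:02:30Z|srv-fs01|backup-agent|rename|/shares/hr/d.docx|/shares/hr/d.docx.bak
2024-03-04T09:03:00Z|srv-fs01|backup-agent|rename|/shares/hr/e.docx|/shares/hr/e.docx.bak
2024-03-04T09:03:30Z|srv-fs01|backup-agent|rename|/shares/hr/f.docx|/shares/hr/f.docx.bak
2024-03-04T09:02:10Z|ws-042|svch0st.exe|rename|/shares/finance/q1.xlsx|/shares/finance/q1.xlsx.locked
2024-03-04T09:02:12Z|ws-042|svch0st.exe|rename|/shares/finance/q2.xlsx|/shares/finance/q2.xlsx.locked
2024-03-04T09:02:15Z|ws-042|svch0st.exe|rename|/shares/finance/memo.docx|/shares/finance/memo.docx.locked
2024-03-04T09:02:17Z|ws-042|svch0st.exe|rename|/shares/finance/plan.pptx|/shares/finance/plan.pptx.locked
2024-03-04T09:02:20Z|ws-042|svch0st.exe|rename|/shares/finance/ledger.csv|/shares/finance/ledger.csv.locked
2024-03-04T09:02:22Z|ws-042|svch0st.exe|rename|/shares/finance/audit.pdf|/shares/finance/audit.pdf.locked
2024-03-04T09:02:25Z|ws-042|svch0st.exe|rename|/shares/finance/org.docx|/shares/finance/org.docx.locked
2024-03-04T09:02:28Z|ws-042|svch0st.exe|rename|/shares/finance/notes.txt|/shares/finance/notes.txt.locked
2024-03-04T09:02:31Z|ws-042|svch0st.exe|write|/shares/finance/RECOVER_FILES.txt|
"""


def parse_events(text):
    """Parse pipe-delimited lines into dicts, sorted by time (logs often arrive out of order)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, action, path, new_path = line.split("|")
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "host": host,
                       "process": proc, "action": action, "path": path, "new_path": new_path})
    return sorted(events, key=lambda e: e["ts"])


def extension(path):
    """Lower-cased final extension of a path, or '' if the name has none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def looks_like_ransom_note(path):
    """True when the file's stem starts with one of the assumed ransom-note prefixes."""
    stem = path.rsplit("/", 1)[-1].rsplit(".", 1)[0].lower()
    return stem.startswith(NOTE_PREFIXES)


def hunt(events):
    """Return one finding per (host, process) whose extension-changing rename rate crosses THRESHOLD inside WINDOW."""
    recent = defaultdict(deque)  # (host, process) -> timestamps of type-changing renames still inside the window
    notes = set()                # (host, process) pairs that wrote a ransom-note-like file
    findings = {}
    for ev in events:
        key = (ev["host"], ev["process"])
        if ev["action"] == "rename" and extension(ev["path"]) != extension(ev["new_path"]):
            q = recent[key]
            q.append(ev["ts"])
            while ev["ts"] - q[0] > WINDOW:  # drop renames that fell out of the sliding window
                q.popleft()
            if len(q) >= THRESHOLD:
                f = findings.setdefault(key, {"host": key[0], "process": key[1], "peak_renames": 0,
                                              "new_extensions": set(), "ransom_note": False,
                                              "first": q[0], "last": ev["ts"]})
                f["peak_renames"] = max(f["peak_renames"], len(q))
                f["new_extensions"].add(extension(ev["new_path"]))
                f["last"] = ev["ts"]
        elif ev["action"] == "write" and looks_like_ransom_note(ev["path"]):
            notes.add(key)
    for key, f in findings.items():  # a note from the same process raises confidence in the finding
        f["ransom_note"] = key in notes
    return list(findings.values())


if __name__ == "__main__":
    for f in hunt(parse_events(SAMPLE_LOG)):
        print(f"{f['host']} {f['process']}: {f['peak_renames']} type-changing renames within "
              f"{WINDOW.seconds}s, new extensions {sorted(f['new_extensions'])}, "
              f"ransom note dropped: {f['ransom_note']}")
```

Run as-is, the hunt reports only the ws-042 process: its eight renames land inside one 60-second window and it dropped a RECOVER_FILES.txt, while the backup agent’s six renames are spread 30 seconds apart and never put more than three in a window. In a real hunt the same logic would run over your EDR or file-server audit telemetry, and the thresholds would be tuned against a baseline of what legitimate processes on that host actually do.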
Next up is commander incident response. When a breach happens, coordination and timing are everything. It’s hard to learn to fight an incident when you’re in the middle of one! So, you need a well-rehearsed response plan that’s regularly tested. To ensure success, some agencies choose to have an outside expert standing by.
Bringing up the rear is staff sergeant vigilance: When it comes to cybersecurity, you can’t miss a beat. Cybercriminals never let up, and they’re always on the lookout for missteps they can exploit.
For more, check out GovLoop Academy’s recent course, “How to Strengthen Cybersecurity (Beyond Buying New Tools),” created in partnership with Trustwave and ThunderCat.
Karen – Great article and insight! I remember during my CISO tenure, one of the key objectives was to future-proof our security operations by simplifying the technology landscape. Thanks for publishing.
This is so relevant and important right now. Thanks for posting!