There’s no escaping that COVID-19 has been an especially devastating and dangerous time for cyberattacks. Attacks have shelled agencies, and though some have been in the news, others have gone largely unnoticed.
Cyberattacks are somewhat taboo in IT circles. No one wants to admit when they’ve been compromised or made a mistake, even though communicating early is the most surefire way to prevent major data loss.
“What I share today could stop the next attack happening to another agency tomorrow,” said Brandon Shopp, Vice President of Product at SolarWinds.
One challenge for agencies is the lack of transparency around their cyber ecosystem. Because infrastructure is off premises, in the cloud, and employees are off premises working from home, agencies are relying on self-reporting that may not come soon enough.
Stopping cyberattacks is going to take all sides working together: individuals, agencies and industry. A three-pronged approach can accomplish this feat.
1. Understand
COVID-19 sent tremors down the spines of organizations, shaking up everything from workflows to routines. And as the permanent impacts of the pandemic have become increasingly clear, agencies should shed the security of the past.
In remote environments, cloud solutions are in vogue. After initial training, security teams should communicate to employees what the cloud means for them. Agencies should also explore solutions designed for a hybrid and remote world, such as endpoint detection and response software, which discovers and assigns security controls to devices on the network.
2. Educate
Education should take center stage — for everybody.
Employees need to understand working remotely requires more mindfulness, not less. “If you see something, say something,” Shopp advised, and check in on security best practices in your home and work lives. Agencies can also beef up their knowledge of cloud-based apps and services. These off-premises offerings come with various amounts of security attached, but agencies are still responsible for their data.
Vendors need to carefully walk agencies through contracts and policies, and they should be available for questions. Part of their responsibility is putting supply chains and terms and conditions out front.
3. Share
If these seem like murky and uncharted waters, well, they are. Now isn’t the time for finger-pointing but shared cyber growth.
Continuing its efforts in the wake of the breach, SolarWinds is working to foster information-sharing networks and free spaces for employees, agencies and organizations to ask cybersecurity questions without judgment. In these spaces, cybersecurity experts come together to share best practices and answer questions both simple and complex. The advice is priceless. Information sharing and analysis centers (ISACs) have been sources of major assistance within the IT space, though many are siloed. The Multi-State-ISAC and IT-ISAC are two proven leaders that have shared best practices for years, a model everyone can follow.
“We need to break down those silos and truly make it a cyber community and not a set of cyber verticals,” Shopp said.
This article is an excerpt from GovLoop’s recent guide, “Your Cybersecurity Handbook: Tips and Tricks to Stay Safe.” Download the full guide here.
Leave a Reply
You must be logged in to post a comment.