The rapid shift to government telework as a result of COVID-19 – and the comprehensive pressures the pandemic continues to exert on businesses, markets and people – creates new opportunities and motives for state-sponsored hackers, non-state actors and other hostile agents targeting networks and data. Whether by taking advantage of workers remotely accessing data or by utilizing internal knowledge, malicious actors can leverage a swiftly expanded attack surface to gain access to restricted networks and manipulate their way to sensitive data for nefarious purposes.
The mode of attack – negligence, sabotage, unauthorized disclosure or access, an otherwise compromised employee and/or their credentials – matters less than the fact that attackers can remain in the network indefinitely. This underscores the risks of insider threats, which represent some of the most dangerous cybersecurity vulnerabilities.
They’re among the fastest-growing concerns, too: According to research from The Ponemon Institute, the frequency of insider threats spiked 47 percent from 2018 to 2020.
Yet insider-threat breaches can be prevented by leveraging automation to provide real-time insight from organizational data. By identifying and analyzing security data in real time, organizations can detect these malicious insiders from the time they access the network – and before they have a chance to act.
This machine-speed ability to mitigate insider threat risks is crucial for maintaining operational and organizational resilience, which as we learned throughout this year’s National Insider Threat Awareness Month (NITAM) is central to combating these insidious vulnerabilities.
Cybersecurity: A Data Problem
Agencies can strengthen the security of their existing data stores by harnessing streaming data. Data streaming offers tremendous promise for real-time improvements to mission effectiveness and allows agencies to collect usable data from the start.
One of the most significant emerging uses for streaming data is in the public sector. Government agencies see this platform as a game-changing capability, advancing everything from battlefield decision-making to constituent user experience.
Agencies must access and process years’ worth of logs and data to build a historical baseline that serves as the control data set against which anomalies are detected and real-time defenses are driven. For example, by analyzing how the network has historically been accessed, and by whom, it becomes straightforward to recognize an individual accessing an atypical part of the system that is not needed to complete their responsibilities. Similarly, if a user suddenly begins logging on at suspicious times outside of the typical workday, something may be awry.
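The two checks described above (atypical resource for the user and logon outside their usual hours) as a minimal baseline-and-score detector, written as an added illustration and not code from the article or any vendor platform. The access log lines are constructed, and the per-user hour window with a one-hour slack is an assumed, deliberately simple baseline model.

```python
from collections import defaultdict
from datetime import datetime

# Constructed historical access log: (timestamp, user, resource).
HISTORY = [
    ("2020-03-02T09:15:00", "alice", "hr-share"),
    ("2020-03-02T10:40:00", "alice", "hr-share"),
    ("2020-03-03T08:55:00", "alice", "payroll-db"),
    ("2020-03-03T14:20:00", "alice", "hr-share"),
    ("2020-03-02T07:30:00", "bob", "ci-server"),
    ("2020-03-02T17:45:00", "bob", "source-repo"),
    ("2020-03-04T12:05:00", "bob", "ci-server"),
]

# Constructed new events to stream through the detector.
NEW_EVENTS = [
    ("2020-04-01T09:30:00", "alice", "hr-share"),     # normal
    ("2020-04-01T23:10:00", "alice", "hr-share"),     # off-hours logon
    ("2020-04-01T10:00:00", "alice", "source-repo"),  # resource alice never used
    ("2020-04-02T02:00:00", "bob", "payroll-db"),     # both anomalies at once
    ("2020-04-02T11:00:00", "mallory", "hr-share"),   # no history at all
]

def build_baseline(events):
    """Per user: set of resources historically accessed and hours of logon."""
    baseline = defaultdict(lambda: {"resources": set(), "hours": set()})
    for ts, user, resource in events:
        baseline[user]["resources"].add(resource)
        baseline[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return baseline

def score_event(baseline, ts, user, resource, slack=1):
    """Return the list of anomaly reasons for one event; empty means normal."""
    profile = baseline.get(user)
    if profile is None:
        return ["unknown user: no historical baseline"]
    reasons = []
    if resource not in profile["resources"]:
        reasons.append(f"atypical resource: {resource}")
    hour = datetime.fromisoformat(ts).hour
    lo, hi = min(profile["hours"]) - slack, max(profile["hours"]) + slack
    if not lo <= hour <= hi:  # assumed model: historical hour range plus slack
        reasons.append(f"atypical logon hour: {hour:02d}:00")
    return reasons

def detect(baseline, events):
    """Stream events through the baseline and keep only the anomalous ones."""
    return [(u, r, reasons) for ts, u, r in events
            if (reasons := score_event(baseline, ts, u, r))]

if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), NEW_EVENTS):
        print(alert)
```

A production baseline would use per-role peer groups and a rolling window rather than a lifetime min/max, so a single late night does not permanently widen a user's profile.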
However, a data platform for cybersecurity is only as good as the data streams it can ingest. The government has paved the way for real-time data – including through collecting data via sensors on platforms and wearables, providing real-time information from devices to decision-makers.
IDC predicts that the collective sum of the world’s data will grow 33 percent, to 175 zettabytes, by 2025. The sheer volume of incoming data already exceeds what the workforce alone can process. Without leveraging emerging, data-driven technologies, agencies will be exposed to cybersecurity incidents and failed mission outcomes now and in the future.
A World of Automation
It’s crucial for agencies to tap into machine learning (ML) and artificial intelligence (AI) to collect and analyze relevant log data and relay high-fidelity alerts to analysts. Real-time data analysis can alert security teams to unauthorized access or exfiltration and quickly identify suspicious behavior.
As we learned from the CERT National Insider Threat Center over the course of NITAM, network resilience rests on core measures such as asset definition and management, risk management, access management and monitoring – all of which can be significantly strengthened by real-time data and AI tools.
IBM’s 2020 Cost of a Data Breach Report found organizations need an average of 280 days to identify and contain a data breach – more than enough time for an attacker to do irreparable damage while on the network without authorization. But by implementing the recommended measures and by identifying and analyzing organizational data in real time to proactively detect anomalies, agencies can significantly reduce the time taken to spot atypical behavior.
Embracing data-driven resilience can also help prevent damaging data loss and the extensive costs of a breach. According to the same study, companies that fully deploy security automation have an average breach cost of almost $2 million less than those not using automation.
The reduced breach cost from leveraging automation is due in part to the advanced insight gleaned from quickly identifying patterns and data trends. Automation provides security teams with the full context of what transpired in the event of a breach, painting a clear picture of which parts of the network were compromised and the most efficient way to counter the attack.
Without this real-time insight into the data being analyzed, government agencies will always struggle with resilience – risking precious time, resources and operational security.