Over the past six months, the cyber risk landscape for federal agencies has changed significantly – and likely forever. It is abundantly clear that the federal government will be teleworking for the foreseeable future. Agencies are taking steps to modernize their security infrastructure to optimally support this expanded remote workforce as telework continues and cyber threats increase.
The explosion in Bring-Your-Own-Device (BYOD) use, alongside agency-owned and government-managed assets operating outside the protective perimeter of the enterprise local area network, has created “the perfect storm” for bad actors, and for ransomware operators in particular.
The tidal shift of end-user endpoints out from behind the relative safety of the enterprise perimeter and into the uncontrolled context of the outside world has produced an exponential increase in soft targets for attackers. Furthermore, each of these endpoints represents a potential point of entry back into the enterprise for lateral movement and the establishment of persistence. This problem, if we are honest with ourselves, is not being taken seriously enough.
Bad actors are adapting to the current distributed workforce, just as we are. According to Bloomberg Government, criminals are not only deleting data if the ransom isn’t paid, but they are threatening to release the data publicly. Given the sensitive nature of federal data, the criticality of mission and pervasive legacy infrastructure, this approach puts agencies at a particularly high risk.
Federal agencies can reduce the likelihood of ransomware attacks with better cyber defense strategies. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recommend that agencies “conduct regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices, to limit the attack surface.” CISA and MS-ISAC also stress the importance of regularly patching and updating software and operating systems to the latest available versions, and of ensuring that devices are properly configured and security features are enabled. That said, it is critically important to keep in mind that the recently released suggestions from CISA are only a selection taken from the more detailed secure baselines published by Microsoft, NSA, NIST, DISA and others, and on their own they are insufficient.
Agencies that don’t implement solutions or platforms for cyber defense are putting themselves at risk for many types of attacks on their sensitive data.
Assessing Risk for Cyber Defense
The infrastructures across agencies today present challenges. Many agency IT teams lack complete visibility into their network and into the variety of endpoints on it, a problem exacerbated by current conditions. This leaves many vulnerabilities unknown and makes risk assessments little more than guesswork for IT teams, increasing the likelihood of a breach.
IT teams need not only the latest data on who is connecting to their networks, where they are coming from, or what they are trying to connect to, but exactly what they can do once they have access. When evaluating access, systems rely on data that shows how the user is accessing the network. Typically, this data is several weeks or even months old – or simply inaccurate as a result of configuration changes or other factors.
To accurately evaluate risk in the new teleworking environment, agencies need accurate, real-time data regarding systems and endpoints in order to protect the environment and the overall mission. Risk cannot be safely evaluated and acted upon periodically, any more than one can safely operate a vehicle on public roads by occasionally opening one’s eyes. Risk assessment and mitigation are real-time activities, and failure to treat them as such will be catastrophic.
Single Platform for Mitigating a Multitude of Cyber Threats
Obtaining true real-time data that is complete and accurate enough to assess risk is often considered impossible. This is why the industry has settled on periodic assessment of risk as the de facto standard. Agencies should unify teams on a single platform that integrates endpoint management and security, breaking down data silos and closing the accountability, visibility, and resiliency gaps that exist between IT operations and security teams. They should also demand that solutions perform in a manner that allows ongoing, real-time assessment.
Mitigating cyber threats is a top priority. Agencies must build a foundation for assessing and addressing risks by ensuring not only that existing operations can withstand current and familiar threats, but also that risk mitigation keeps pace as the risk landscape evolves and bad actors adapt their tactics.
Leveraging a single platform gives agencies end-to-end visibility across end-users, servers, and cloud endpoints, and the ability to identify assets, protect systems, detect threats, respond to attacks, and recover at scale.
With the new and maturing levels and types of risk that arise from the current environment, obtaining the amount of data needed quickly enough to make good risk decisions is imperative.
Agencies must strive to keep systems and data safe in an environment with exponentially more endpoints in more places. And as federal employees become more comfortable in their current posture, it’s important that federal IT leaders continue with existing security precautions – while preparing for evolving threats.