The Ongoing Quest for Cybersecurity
2
SPONSORED CONTENT
Taking aim at a moving
CYBER TARGET
Agencies are in search of ways to secure networks that are as fluid as the cyber world in which they operate
GOVERNMENT AGENCIES
were already under pressure to
modernize their cybersecurity strategies before the pandemic hit. The trends toward remote work and cloud-based systems were pushing network perimeters further out from the data center, and the move to digital services had been creating new challenges for securing information and protecting privacy.
The pandemic only heightened the
sense of urgency. As workplaces closed
and government employees struggled to access data and systems from makeshift home offices, the cybersecurity risks grew. The use of virtual private networks in the U.S. increased to match the early spike in COVID-19 cases, rising 124% in the two weeks from March 8 to March 22, 2020, according to Statista. Around the same time, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert titled “Enterprise VPN Security,” which offered both warnings and guidance on how to handle the surge in usage.
That was far from the only security alert released by government agencies as hackers
sought to take advantage of the pandemic. In March 2020, the FBI warned about a rise in fraud schemes related to the health crisis, including fake email messages claiming to be from the Centers for Disease Control and Prevention. In October, CISA, the FBI and the Department of Health and Human Services called attention to ransomware attacks targeting the health care and public health sectors.
Defending against such attacks became more difficult with employees spread far and wide. Some employees connected to networks via less-than-secure personal devices, while others fell victim to clicking malicious links due to relaxed cyber hygiene concerns. In response, agencies began looking for new ways to secure government systems.
Adopting a zero trust mentality
With so many employees logging in remotely, agencies found that they had to shift their focus from securing a well- defined perimeter to securing the data that fuels government operations. In a recent survey of FCW readers, protecting data
topped the list of cybersecurity priorities, with 75% of respondents citing it.
In response to such concerns, CISA released its Ransomware Guide in September 2020. The guide features a
wide range of best practices, including identifying assets that are searchable via online tools and taking steps to reduce that exposure, performing frequent backups, and storing backups separately. CISA
also offers services to help agencies guard against ransomware attacks, training in how to identify and mitigate vulnerabilities, and advice on how to respond to an incident.
Another way to protect critical assets
is by emphasizing endpoint security and ensuring that all users and devices are safe before they are allowed to access government networks. That is a core tenet of zero trust architecture, a mindset that “assumes there is no implicit trust granted to assets or user accounts based solely
on their physical or network location...
or based on asset ownership,” according to the National Institute of Standards and Technology (NIST).
Shutterstock/FCW Staff