Page 92 - FCW, November, December 2018

 CYBERSECURITY & MODERNIZATION
Cloud and the pivot to new security targets
The move to secure, cloud-based infrastructure means agencies can now direct their energy to protecting users
Tony D’Angelo
Vice President of Federal, Proofpoint
ONE OF THE biggest challenges in IT modernization is migrating data centers that the government has owned and operated for decades to the cloud. As part of that infrastructure transformation, agencies must identify and close any security gaps to focus their efforts on new threats.
Although the government has historically done a good job of securing infrastructure, hackers have mostly shifted their focus to a much easier target: people. In fact, it’s fortuitous that the government’s push for modernization coincides with a dramatic shift in attacker tactics and the urgent need to remediate people-centric threats.
The importance of email security
Research has shown that 93 percent of cyberattacks now target people, and 96 percent of those attacks happen via email. However, agencies typically spend only about 8 percent of their security budgets on email and 62 percent on infrastructure.
Instead of trying to breach systems, attackers are tapping into online resources such as LinkedIn and Google to identify potential victims and their relationships within an agency to exploit them. Hackers are increasingly using social engineering to trick people into running malicious code and/or to steal their credentials with the intent of accessing sensitive information or financial assets.
It’s more difficult to secure a person than it is to secure infrastructure, but there are many training products that can help agencies educate employees to be more alert to warning signs, avoid risky behavior and be more careful about opening certain types of attachments.
In addition, agencies must understand which employees are likely to be the target of hackers and what tactics those hackers might use. The targets are not always obvious. Rather than go after the director of an agency, for instance, hackers often zero in on the director’s administrative assistant — or somebody in the contracting or accounting department — with the goal of conducting reconnaissance on how an agency runs, impersonating an official, and uncovering government secrets or even sensitive information about weapons systems. It’s important to have visibility into the very attacked people (VAPs) and not just the traditional VIPs.
Shifting security resources
The government has recognized this trend. For example, the Department of Homeland Security released Binding Operational Directive 18-01 last year to mandate the adoption of Domain-based Message Authentication, Reporting and Conformance (DMARC), which helps stop the spoofing of email usernames and even domains.
DMARC is a great first step toward email authentication. It helps ensure that the user is exactly who he or she purports to be and the domain is legitimate. This authentication
deepOV/RedlineVector/Shutterstock/GCN Staff
S-92 | SPONSORED CONTENT









































































