Forward-looking security beats after-the-fact firefighting
- By Wes Woolbright
We continue to see state, local and municipal agencies fall victim to malicious acts of cyber crime that bring operations to a grinding halt.
In March 2018, Atlanta fell victim to a ransomware attack that caused unexpected outages on computers used for day-to-day operations and customer-facing applications, forcing employees to resort to old-school, manual processes.
In November 2017, a hacker hit California's Sacramento Regional Transit, deleting approximately 30 million files as part of a ransomware attack.
In April 2017, residents in Dallas were jolted out of bed when the city’s emergency alarm system was hacked, causing all 156 sirens to sound for nearly two hours and leading to panicked calls to 911.
These attacks put cities on high alert, leaving decision-makers to think about how their cities would fare if computers were hijacked, day-to-day activities disrupted and government services made unavailable for local citizens.
In today’s ever-connected world, city network resources are critical for residents and other outside constituents to access a wide range of services, from paying parking tickets online to submitting permit applications -- two activities disrupted when Atlanta’s network was compromised.
In the wake of major hacks, and with advanced threats looming on the horizon, government agencies must figure out how they can best deliver the required network access without creating an open door for attackers. At the same time, they must be confident that connected devices, people and networks aren’t creating additional vulnerabilities.
Traditional network security approaches fall short
Ransomware is especially difficult to stop because many agencies are reactive when it comes to cybersecurity, due to limited IT resources, budgets and processes to identify and stop threats. Additionally, traditional intrusion detection technology and patch management solutions are ineffective when it comes to detecting or containing a compromise that has already occurred. This creates a fire-fighting mentality to remediate damage already done.
As the complexity of agencies’ infrastructures, and the myriad devices connected to them, increases, security strategies that focus only on identifying and eradicating attack vectors are largely inefficient and costly. To keep their agencies protected, it’s time IT managers ditch the firefighting and take a zero trust approach to cybersecurity. This may mean a major shift in their overall approach to network security -- no longer laser-focusing on attack vectors, but rather on identifying and neutralizing the vulnerabilities that allow attacks to do harm.
Shift from reactive to proactive security
Allowing employees, vendors, partners and constituents access to agency resources by connecting potentially vulnerable networked systems over the public internet is part of today’s government operations. Yet, there are certain agency systems that have no reason to be visible to the rest of the world and, therefore, should not be connected to even the most secure perimeter.
A zero-trust stance works on the assumption that everything on the network is already compromised, or could be compromised, and isolates and contains critical assets. By embracing a more sophisticated level of network segmentation, agencies can both blunt malicious attacks, by cloaking network devices from attacker reconnaissance, and prevent lateral east-west movement.
Zero trust is a highly secure approach for protecting networks in today’s high-risk climate, where countless devices are connected to massive networks that are accessed by thousands of users. With this strategy, government agencies can grant access to those who have clearance to see certain information, rather than blocking those who don’t. By using network segmentation in a zero trust mindset, agencies are giving their networks the best chance to avoid a breach and stay invisible to malicious attackers.
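The contrast the author draws between blocking known-bad traffic and granting only cleared access can be shown as a small policy check. This is an added example, not code from the article or its author; the segments, hosts, ports and rules below are constructed, and the "perimeter" model is a deliberately simplified stand-in for the reactive approach described above.

```python
"""Default-deny segmentation check illustrating the zero trust stance.
Constructed example: hosts, segments, ports and rules are hypothetical."""
from dataclasses import dataclass

# Constructed inventory: every managed host belongs to exactly one segment.
SEGMENT_OF = {
    "web-portal-01": "public-web",   # parking tickets / permit forms
    "permit-db-01": "app-backend",
    "siren-ctl-01": "ot-alarm",      # emergency siren controller
    "hr-laptop-07": "staff-lan",
}

# Zero trust: explicit allow rules only; any flow not listed is denied.
# (src_segment, dst_segment, port) -> why the flow is needed.
ALLOW = {
    ("public-web", "app-backend", 5432): "portal reads permit records",
    ("staff-lan", "public-web", 443): "staff use the portal too",
}

# Perimeter-only model for contrast: deny a known-bad list, trust the rest.
KNOWN_BAD_PORTS = {23, 445}

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int

def perimeter_decision(flow: Flow) -> bool:
    """Reactive model: internal east-west traffic is allowed by default."""
    return flow.port not in KNOWN_BAD_PORTS

def zero_trust_decision(flow: Flow) -> bool:
    """Proactive model: a flow passes only if an allow rule names its source
    segment, destination segment and port. Unenrolled hosts have no segment
    and are therefore denied as well."""
    src_seg, dst_seg = SEGMENT_OF.get(flow.src), SEGMENT_OF.get(flow.dst)
    if src_seg is None or dst_seg is None:
        return False
    return (src_seg, dst_seg, flow.port) in ALLOW

def compare(flows):
    """Return {flow: (perimeter_allows, zero_trust_allows)} for each flow."""
    return {f: (perimeter_decision(f), zero_trust_decision(f)) for f in flows}

# Constructed sample flows: the second is the east-west movement that
# segmentation is meant to stop; the third is an unenrolled device.
SAMPLE_FLOWS = [
    Flow("web-portal-01", "permit-db-01", 5432),
    Flow("web-portal-01", "siren-ctl-01", 502),
    Flow("unknown-host", "permit-db-01", 5432),
]

if __name__ == "__main__":
    for flow, (perim, zt) in compare(SAMPLE_FLOWS).items():
        print(f"{flow.src} -> {flow.dst}:{flow.port} perimeter={perim} zero_trust={zt}")
```

Running it shows the perimeter model waving through both the pivot toward the siren controller and the unknown device, while the default-deny policy permits only the one flow an allow rule justifies.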
Tomorrow is a new day, and with it will come new attack vectors and more agencies caught off guard and victimized. Traditional cybersecurity approaches are broken, as attackers are all too aware. It’s time to take action and isolate operational infrastructure to keep it safe from IT vulnerabilities.