There have been significant government breaches all over the world in the past year and external threats are a growing priority for all governments given today’s current political landscape. Despite vast investment in preventing these sorts of attacks, we continue to see breaches like those in the US and Russia.
In September last year, the US government was hacked, resulting in over 5.6 million fingerprints of federal employees being stolen. This kind of classified information gave the hacker information which would ordinarily take years of intelligence gathering within a matter of minutes.
Further to this, in July, the Russian government came under attack from a ‘cyber spying virus,’ which was found in the networks of about 20 organisations. What’s worrying is with so much focus on preventing external threats, insider threats are being forgotten about. The recent Sage internal data breach, in which 200-300 customers were affected by a data breach as a result of misuse of an employee login, is a reminder these threats need to be just as high on the agenda.
This is a growing concern given that sensitive government, healthcare and military data can easily be accessed from employee’s computers through phishing attacks, insecurely moving data and the use of prohibited personal devices. It’s therefore vital that government, healthcare and military organisations are confident they can defend against known threats, respond to new threats immediately, and quickly recover from cyber incidents, whether they are the result of an external or internal threat.
1) Unauthorised devices
With the pervasiveness of mobile technology and devices, there is the belief it should be possible to be use them anytime and anywhere. However, unknown devices on the network could result in the IT department losing control of the cyber environment, making the network vulnerable to hackers. This will have huge consequences for government organisations. For example, if the military was hacked, it could lead to classified information being revealed to millions of people. An overview of what devices are connected to the network, what they are accessing and to whom they belong is crucially important. While micromanaging everybody on the network is not necessary or realistic, proactive IT monitoring can enable employees to continue to explore new mobile technologies while still maintaining security.
2) Shadow IT
According to SolarWinds research which surveyed government IT managers, Shadow IT was ranked second among the areas that IT departments have least control over. This threat will continue to grow as 58 per cent of survey respondents expect an increase in its use over the next two years. Government, healthcare and military IT pros must be aware of the importance of having strong policies in place for controlling access to their networks. The best way to tackle Shadow IT is to shed some light onto the issue by embracing new technology within organisations, educating employees about potential dangers, as well as vigilantly managing and monitoring access to the network
3) Active management
In order to better secure sensitive IT environments, a focus on an active management of endpoint security is required. Rather than burying their heads in the sand, IT professionals need to use network management software to identify unauthorised apps before they start causing problems.
4) Sharing best practice
Each level of government has its own perspective on cybersecurity and threats. However, the ability to safeguard networks and infrastructure exponentially increases when different levels combine resources, improving the overall response efforts with more manpower and better technology. By keeping tabs on business cycles, strong partners can be identified to make for better problem solving. Organisations can keep up-to-date on cyber risks and mobile technology by learning best practices from third party organisations and identifying common vulnerabilities.
5) Protect the network
IT professionals within government sectors do not have time to track down everything that tests their networks; they’re already being asked to do enough. Instead, they need to ready their infrastructure before the threats happen. That means automating the monitoring and protection of their networks, thereby laying the groundwork for better management of today’s IT technology. With insider threats being much more common now, it is as vital for government to have a tight security plan for insider threats as it is for external threats.
The IT team needs to be sure that they can defend against, respond to and quickly recover from cyber incidents and threats in order to be sure that critical or classified data is not lost. All of which could have catastrophic consequences to public sector organisations, from classified information being made public, to personal data being sold on the dark web.
Joe Kim, CTO at SolarWinds
Image source: Shutterstock/BeeBright