What to do when cyber hygiene isn't enough

Here are five things to consider to mitigate threats when good cyber hygiene just isn't enough.

You didn’t have to peruse the latest Verizon Data Breach Report to know that cyber-attacks remain one of the clear and present threats of our time, with an intensity that shows little signs of abating.

Cyber breaches affect everyone: small and large businesses alike, as well as networks residing in the public sector. Public sector networks, with their treasure trove of sensitive information, face vigorous targeting by nation states and cyber criminals looking to steal anything that isn’t bolted down.

Helping government agencies lock the door to keep external threat actors out, combined with education and training, can only go so far. There will always be a vulnerability. How can those selling security solutions help the government mitigate security threats when good cyber hygiene isn’t enough? Here are five things to consider.

  1. Preemptive Hunting: Protecting agency networks from cyber criminals requires thinking like the adversary: putting yourself in that mindset to consider where they would go next, identifying what trails they would leave, what you would do at each stage of a cyber-attack, and so on. This approach can be more effective at preemptively isolating vulnerabilities than simply reviewing alerts after the fact.
  2. Figuring Out What You Can Interrupt: A follow-on from thinking like an adversary is figuring out what can be interrupted. What are the steps an adversary will take to get to administrative privileges within a government network, for example, and how can those steps best be interrupted? How would they get to the point where they are masked, and how can those attempts be stopped? Here speed matters, as detection and investigation need to occur in minutes, before the adversary can cause lasting damage.
  3. Embracing the Cloud: While some security concerns related to cloud adoption persist, they are evaporating. In fact, government agencies should be educated on how cloud can augment security. The ability to aggregate threat data, while leveraging cloud-scale AI, will advance vulnerability analysis. The end result will be fewer “unknowns,” as it’s likely that the malware or vulnerability identified by one agency has already been seen by another. (One thing to note: this will require a far greater level of information sharing among government agencies to really see the benefits of crowdsourcing as a method for early detection and proactive patching.)
  4. Knowing Your Network: One of the biggest challenges government agencies face, and where industry can help, is knowing what’s on their network. You can’t defend what you don’t know, so understanding the network topology is table stakes when it comes to defending a network. This is a task made more complex by the growing prevalence of cloud, mobility, IoT and Shadow IT.
  5. Planning for Compromise: Help your government customers maintain a plan for when they are breached. It’s a matter of when, not if, for many of them. I use the word maintain because what it means to be resilient will evolve as the threat evolves. As mentioned above, an important step is an evaluation of what they have in their network, but they also need to think through scenarios such as what happens to the survivability of a network if a phishing link is clicked, what the backup plan is, and so on.

Those overseeing the $15 billion a year in federal security spend know that their IT environments will never achieve zero vulnerability or zero threat. In your conversations with C-level executives and program managers, show how you can help their office, branch or agency be better postured to handle the inevitable. Demonstrate that you can use your visibility, analytics or cloud-based solutions to better understand threats and bad actors, to be more proactive in defending their network, and to determine next steps after a breach.