Beyond Cyber Hygiene

By Lloyd McCoy, Market Intelligence Manager

Helping agencies lock the door to keep external threat actors out of IT networks, combined with education and training, can only go so far in protecting government assets. There will always be vulnerability.

Public sector networks, with their treasure trove of sensitive information, face vigorous targeting by nation states and cyber criminals looking to steal anything they can get their hands on. Cyber-attacks remain one of the clear and present threats of our time with an intensity that shows little signs of abating.

So, how can those selling security solutions to government help mitigate threats when good cyber hygiene isn’t enough?

Preemptive Hunting
Protecting agency networks from cyber criminals requires thinking like the adversary. Putting oneself in that mindset to consider where they would go next, identify what trails they would lead, what you would do at each stage of a cyber-attack, etc. This approach can be more effective at preemptively isolating vulnerabilities than simply reviewing alerts after the fact.

Figuring Out What You Can Interrupt
A follow on from thinking like an adversary is figuring out what can be interrupted. What are the steps an adversary will take to get to administrative privileges within a government network for example, and how can it best be interrupted? How would they get to the point where they are masked and how can those attempts be stopped? Here speed matters, as detection and investigation need to occur in minutes before the adversary can cause lasting damage.

Embracing the Cloud
While security concerns related to cloud adoption persist, they are evaporating. In fact, government agencies should be educated on how cloud can augment security. The ability to aggregate threat data, while leveraging cloud-scale AI, will advance vulnerability analysis. The end result will be fewer “unknowns” as it’s likely that the malware or vulnerability identified by an agency, another has already seen. One thing to note, this will require a far greater level of information sharing among government agencies to really see the benefits of crowdsourcing as a method for early detection and proactive patching.

Knowing your Network
One of the biggest challenges government agencies face, and where industry can help, is helping them know what’s on their network. You can’t defend what you don’t know and so understanding the network topology are table stakes when it comes to defending a network.  This is a task made more complex with the growing prevalence of cloud, mobility, IoT and Shadow IT.

Planning for Compromise
Help your government customers maintain a plan for when they are breached. It’s a matter of when, not if, for many of them. I use the word maintain because what it means to be resilient will evolve as the threat evolves. As mentioned above, an important step is an evaluation of what they have in their network but also, they need to think through scenarios like what happens to the survivability of a network if a phishing link is clicked, what is our backup plan, etc.

Those overseeing the $15 billion a year in federal security spend know that their IT environments will never achieve zero vulnerability or zero threat. In your conversations with C-level executives and program managers, show how you can help their office, branch or agency be better postured to handle the inevitable. Demonstrate you can utilize your visibility, analytics or cloud-based solutions to better understand threats and bad actors and be more proactive in defending your network and determining next steps after a breach.

Keep up with government IT trends. Subscribe to immixGroup’s Government Sales Insider blog.

The 2019 Government IT Sales Summit will be held November 21 in Reston, Virginia. Learn more.

This article was originally published in Washington Technology online magazine.