The list of critical data stored by government agencies is endless. From credit card data, passport numbers, drivers’ license numbers and tax information, government agencies are storing vast amounts of data that create the perfect treasure trove for hackers to exploit.
What’s more, with strict regulations being enforced to ensure that organisations not only keep their data secure but that they become more transparent about data breaches when they do occur, such as the EU General Data Protection Regulation (GDPR), there really is no room for government agencies not to follow these regulations themselves.
However, unfortunately this industry does not have the best track record when it comes to security breaches. The Office of Personnel Management breach, which saw over four million federal employee records stolen, is best known as one of the largest data breaches in history. To make it worse, it’s reported that it took around six months for cybersecurity professionals to identify the intrusion; six months where the hackers could move laterally throughout the system and make the network their playground.
It begs the question: if the United States government cannot prevent data breaches, what does this say about the safety of corporate networks in the private sector? Government agencies around the world, at all levels, need to take action, and they need to do it now by following these three steps.
Step 1: Assume that a breach is going to happen
Taking a proactive approach to cybersecurity is the only way to keep hackers out. When considering the vast amount of data breaches that have happened in the last few months alone, it’s clear that no organisation – government or otherwise – is immune from being the next hacking victim. Instead of focusing on perimeter defences, government agencies need to limit the scope of a breach by containing it to a single segment of the network, instead of leaving the hackers to move laterally through the system at their leisure.
Step 2: Align the function of access control around application access for users
It’s no longer acceptable for any cybersecurity strategy to focus purely on the network. Instead, modern, software-defined security positions the security policies and protection functions around applications and users, which means only giving access to users that need it to do their job. By carefully controlling which users can access which applications in all internal and external locations, the attack surface can be reduced. Simply put, if a user does not need to access a particular application to do his or her job, then they should not be able to send even a single packet to that application’s server.
Step 3: Use breach containment to limit the scope
Taking six months to detect that a breach has happened is far from tolerable. And if action isn’t taken, the situation will only get worse; from mobile, BYOD, the Cloud and even the Internet of Things, the attack surface is continuously getting bigger. However, just adding more traditional cybersecurity tools into the mix won’t solve the problem. It is only by using a software-defined approach to security that focuses on containing breaches that the scope of a breach will become manageable, as even when a breach does occur, the hacker is limited as to what damage can be achieved.
Protecting government agencies from the fate of more data breaches is possibly one of the biggest tasks being faced by Security Managers today. However, cybersecurity doesn’t need to be complicated. The tools are there for the taking but a change in mind-set is needed, and it is only when this is realised that this critical data will be kept secure.
Paul German, CEO at Certes Networks
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.