Recently, SHI International Field Solutions Engineer, Jeff Franckhauser shared with Government Technology Insider observations and insight into current and future cybersecurity trends. Look back at part one here, and then continue reading for more insight into the shifting landscape of cybersecurity and what exactly federal agencies can do to address cyber threats and attacks.
Government Technology Insider (GTI): What trends are you currently seeing in cybersecurity risk analysis to drive change?
Jeff Franckhauser (JF): One of the basic building blocks for network security analysis is penetration testing. It’s the first part of a quality control strategy for evaluation; a deep pen test is used to see what devices are connected to the network. Many IT managers are not aware of what is connected to their network, or what’s hiding in their network. This includes shadow IT within the cloud and on-prem, or in hybrid and hyperconverged infrastructure (HCI).
IT staff members reported being unaware of between 30 and 60 percent of devices detected through the pen test. This means that for every 100 devices detected on the network, up to 30 to 60 devices were undetected. These devices could be internet-connected TVs, IoT devices for monitoring heating or cooling systems, or devices designed to monitor patient care. These findings are quite significant when it comes to understanding who and what is connected to the network and the vulnerabilities they create.
GTI: What are the next steps for agencies?
JF: Once there’s a basic view of what technology is in place and what the vulnerabilities are, it is prudent to perform a gap analysis. A gap analysis helps to organize, develop, and define security standards and management practices. With implementation and applied control management, environmentally redefined policies help create an informed decision process and provide comprehensive risk-based guidance.
Institutions that have gone through this process have been starting to develop their Zero Trust framework by upgrading the security network to include integrated Multi-Factor Authentication (MFA), Privileged Access Management (PAM), and Identity and Access Management (IAM), as well as utilizing Machine Learning (ML) and Artificial Intelligence (AI) to automate the patching of software updates. It’s been stated that many breaches in network security—up to 60 percent of network breaches—were caused by not upgrading outdated hardware and by poor software patch management practices. So, while it’s great to have secure infrastructure, data security is a moving target and adjustments must be made, sometimes on a weekly or monthly basis, to stay safe.
GTI: Any new trends emerging since the Russian-Ukrainian war began?
JF: Currently, with the war going on in Ukraine, many agencies are seeing an increase in cyberattacks coming from Russia and satellite states like Belarus and North Korea. These increased cyberattacks are focused on government and telecommunications infrastructure. With this type of activity, state-sponsored attacks from Russia have increased not only in the United States but also in many of the NATO allies. These attacks are focused on the military and defense infrastructure, with many of the large defense contractors also seeing an increase in cyber activity. These constant attacks are pushing agencies to refresh their entire disaster recovery and business continuity plans with a modern infrastructure. By upgrading current backup technologies that support data encryption at rest and in motion and offer data immutability, which helps lower RPO and RTO and limits loss and exposure should a security event take place, agencies can continue to address new threats.
GTI: How do you see the cybersecurity landscape changing as we enter the second half of 2022?
JF: The landscape for security is constantly changing, so it’s important that public sector organizations move into a national planning structure for protecting data and critical infrastructure at all levels. One trend that I am seeing is eliminating vendor sprawl by integrating different technologies within the cloud and the network. By limiting the number of vendors providing solutions, organizations don’t have to manage and secure disparate technologies that could create security issues. Micro-segmentation and adding virtual firewalls, virtual routers, and switches that can move secure traffic east to west or north to south, depending on whether the traffic is staying local or moving outside the network, are some other strategies that are helping build more robust defenses.
With the lack of proper engineering resources, many federal agencies and institutions are looking to move more services, such as mail services, next-generation firewalls, and mail and web filtering, to the cloud and to utilize third-party contractors for staff augmentation and technical support. Condensing these tools and moving these resources to the cloud reduces the number of surfaces open for attack. Agencies don’t need a large staff to maintain the technical support and can reduce costs. The ability to move some computing resources to the cloud with a secure foundation makes it so companies no longer need servers, storage, or large networks.
Overall, the most significant shift we’ve seen for agencies and institutions is the embrace of Zero Trust and shifts to its infrastructure. Zero Trust is a network security model based on a philosophy that no person or device inside or outside of an organization’s network should be granted access to connect to IT systems or services until authenticated and continuously verified. In an effort to reduce ransomware attacks and the consequences of security events, what is your recovery plan? I think this is one of the most important questions every security professional or CISO should be asking themselves today.