Two Cyberthreats Agencies Must Recognize
April 12, 2021 by Lily Rexing
As guardians of vital information, governments are prime targets for cyberattacks. With perpetrators using increasingly advanced tactics, identifying and defending against emerging threats is an ongoing challenge. Director of Tyler Detect Ron Bernier recently hosted Emerging Cybersecurity Threats and Tips to Defend Against Them, a webinar that provided insight on how to defend against the latest cyberthreats impacting the public sector.
Following are two threats explained in the session that pose a real risk but often go unnoticed.
Supply Chain Threats
Governments rely on a variety of controls to mitigate the risk of a breach, but there are considerations that may be outside their purview. This is because an agency’s security posture also relies on the partners and suppliers that access its systems and data. If your trusted partner or vendor is breached, there is always a chance the hacker may be able to infiltrate your systems and data as well. This poses a significant threat that is difficult to detect.
To build a strong defense against these supply chain attacks, agencies should employ threat hunting. Effective threat hunting reduces risks by taking a holistic look at all the activity on an organization’s network and using contextual analysis to pinpoint anomalies. It includes monitoring new protocols, new ports, and new destinations for irregular activity that automated detection systems failed to stop.
“The role of threat hunting is to layer human expertise across a broad array of data, most often a huge amount of data, to try to detect threats that no other control has detected,” said Ron Bernier.
Agencies must also evaluate their permanent and on-site vendors. For example, if a permanent VPN connects a vendor to an agency, attackers can also use that to gain access to the government network. Vendor access should be restricted, so they can only get to what they need to accomplish their work. This may seem overly cautious, but the security benefits cannot be overstated. In considering the potential dangers of supply chain threats, agencies must operate with extreme care.
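The first-seen checks described above (new protocols, new ports, new destinations), as an added example that is not from the webinar or from Tyler Detect: it compares current flow records against a per-source baseline and sorts anomalies from a vendor VPN pool first. The flow tuples, the addresses and the `10.99.0.0/24` vendor pool are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data; the vendor VPN pool and all addresses are assumptions.
VENDOR_VPN_NET = ipaddress.ip_network("10.99.0.0/24")

BASELINE_FLOWS = [  # (src, dst, proto, dport) observed during the baseline window
    ("10.99.0.5", "10.1.2.10", "tcp", 443),
    ("10.1.5.20", "10.1.2.10", "tcp", 443),
    ("10.1.5.20", "192.0.2.8", "udp", 53),
]
CURRENT_FLOWS = [
    ("10.99.0.5", "10.1.2.10", "tcp", 443),     # matches the baseline
    ("10.99.0.5", "10.1.2.10", "tcp", 3389),    # vendor: new port
    ("10.99.0.5", "10.1.7.30", "tcp", 445),     # vendor: new destination and port
    ("10.1.5.20", "198.51.100.7", "udp", 53),   # new destination
    ("10.1.5.20", "192.0.2.8", "icmp", 0),      # new protocol
    ("10.1.9.9", "10.1.2.10", "tcp", 443),      # source with no baseline at all
]

def build_baseline(flows):
    """Collect, per source, the destinations, protocols and services seen."""
    base = defaultdict(lambda: {"dst": set(), "proto": set(), "svc": set()})
    for src, dst, proto, dport in flows:
        base[src]["dst"].add(dst)
        base[src]["proto"].add(proto)
        base[src]["svc"].add((proto, dport))
    return base

def hunt(baseline, flows, vendor_net=VENDOR_VPN_NET):
    """Return flows that show something first-seen for their source."""
    findings = []
    for src, dst, proto, dport in flows:
        seen = baseline.get(src)
        if seen is None:
            reasons = ["new-source"]
        else:
            reasons = []
            if dst not in seen["dst"]:
                reasons.append("new-destination")
            if proto not in seen["proto"]:
                reasons.append("new-protocol")
            elif (proto, dport) not in seen["svc"]:
                reasons.append("new-port")
        if reasons:
            vendor = ipaddress.ip_address(src) in vendor_net
            findings.append({"flow": (src, dst, proto, dport), "reasons": reasons, "vendor": vendor})
    # Stable sort: vendor-originated anomalies go to the top of the analyst queue.
    return sorted(findings, key=lambda f: not f["vendor"])
```

The output is a review queue for an analyst, not a verdict: a first-seen port or destination is only an anomaly until someone adds the context that explains it.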
Nation State Attacks
Another serious threat detailed in the webinar is a “nation state attack.” This refers to a highly targeted cyberattack launched by a national government or one of its agencies. These hostile government attacks are deployed to obtain intellectual property, critical financial data, or information for political espionage. They are also referred to as Advanced Persistent Threats (APTs) because they are extremely stealthy and, after gaining unauthorized access to a network, can often stay undetected for a long period of time.
“A nation state or APT attacker is often highly skilled … they easily blend in with other typical user traffic,” Ron Bernier said.
Once APTs enter a network, they work to gain administrative access and begin infiltrating user devices. Nation state attacks pose a major threat to governments due to the sheer amount of information they can obtain. Whenever agencies interact with the internet, there is a certain level of risk that must be predicted and accounted for. Agencies need to assume that any physical device that is connected to their network could be malicious and must operate with a high level of oversight. In many cases, endpoint monitoring can be a proactive way to detect nation state threats. Continuous monitoring of end user devices can help detect irregular activity so agencies catch malicious actions before it’s too late.
Supply chain threats and nation state attacks are just two of the serious threats facing government agencies today. Explore other hidden threats and learn how to defend against these attacks by accessing the full webinar, Emerging Cybersecurity Threats and Tips to Defend Against Them.