Commentary: Isaac Kohen, CEO of Teramind, says some of the biggest threats come from inside the organization and provide an accessible opportunity to tighten the perimeter.
As cybersecurity increases in importance, the room to improve cybersecurity efforts becomes harder on tighter budgets, but there are measures states can take.
In 2017, there were 42 state-level bills introduced to improve government cybersecurity practice. State legislators are clearly interested in improving cybersecurity in their states overall, and they recognize that government needs to set an example for what excellent cybersecurity practice looks like.
The most pressing threats to the United States today come in digital form — these are cyberattacks from both individual and nation-level actors. Defense is usually left to the federal government, but cyberthreats pose new security challenges that go beyond traditional perimeter security.
On top of managing state-level government services and duties, administrators now have to worry about the compromise of their data and potential disruption to everything they do.
The Most Dangerous Threat
When it comes to cybersecurity, context and threat environment are important to understand before discussing practices.
For the federal defense agencies, the most significant risk area to government institutions are insider threats. One of the most in-depth studies on the cyber risks that government institutions face came from a joint effort authored by the U.S. Secret Service, National Threat Assessment Center (NTAC) and the CERT Program at Carnegie Mellon University. In the report, the authors detail cases and the fallout from malicious insider (employee) activity.
More recently, a report from the Ponemon Institute demonstrates that a significant amount of insider incidents are the result of negligent security practices by well-meaning employees. Many of the major ransomware cases and data breaches were usually the end result of an employee being phished or downloading an attachment embedded with malware. If you want to protect your state from data breaches in the modern times, you will need to focus on internal threats, your everyday employees, contractors, and other government agencies.
Mitigating this threat on a small budget may be tough. Thankfully, there are some measures you can take even given a limited staff, time, and resources.
As stated above, insider threats are one of the highest risk areas for state institutions and government overall. An insider could introduce malware to your network or an opening for theft that would have been otherwise blocked by antivirus or your firewall. The following measures are vetted practices that have worked for private institutions and public sector ones as well.
Integrated Data Governance
The data that flows through your institution needs to be protected but first you need a formalized system of managing that data. By integrating information into your daily governance, you gain a strong understanding of how data flows in the local government. This requires an examination of people, policies, processes, procedures, and protocols. This is a time intensive undertaking, so it is good practice to establish a committee that can commit a few hours to gather this information and develop the policy and framework for information governance.
Principle of Least Privilege
This principle revolves around the idea that a user should only have the minimum amount of access and permissions necessary to perform his or her job. Anything more and you expose your organization to an insider breach. Least privilege requires that you manage permissions beyond the default settings and make them relevant to your context. For privileged users, it is important to give them two accounts — one that gives them the minimum amount of privileges to do their jobs, and another standard account for non-privileged duties.
Behavior Baselines (Network and User)
In the public sector, baselines are a very common practice. They are used to compare performance in development and a variety of other areas. When it comes to cybersecurity, a baseline can also be an incredible practice to prevent insider threats. It is commonly referred to as user behavioral analytics. It is recommended to use monitoring software capable of tracking both network and individual employee behavior to know your baseline. Then from there, ensure VPNs are extremely limited in use for users who access the network remotely. Finally, just keep watch for deviations from the baseline and watch for suspicious behavior. The best part about this is it’s automated, thanks to recent tech advancements.
While the horror stories about ransomware and data breaches can be terrifying, it is important to recognize that the people who introduce those problems to our networks could be our peers and partners. Stay vigilant, and ensure you are managing your data to prevent insider threats. It is suggested to use the Common Sense Guide to Mitigating Insider Threats as your go-to resource.