With international tensions rising as the war between Russia and Ukraine enters its eighth month, it is clear that we are entering a new era of increasing state-sponsored attacks, particularly those targeting agencies and public sector services.
The Cybersecurity and Infrastructure Security Agency (CISA) issued a rare “shields up” alert earlier this year, highlighting the need for US companies to remain vigilant and protect their most important and sensitive assets. Later, CISA also warned of the threat posed by state-sponsored threat actors from China and North Korea.
The current geopolitical climate has put cybersecurity in the spotlight as a matter of national security, making it particularly important for public sector organizations to take a proactive stance against threats. Proactive cybersecurity starts with a full understanding of what needs to be protected and the ongoing intelligence needed to prevent likely attacks.
Research shows that the public sector is the slowest to identify key risks
A recent global cybersecurity benchmarking study found that the public sector ranks highest for inadequate identification of key risks among all the industries surveyed. This is because the public sector continues to struggle with disjointed infrastructure, siloed operations, decentralized practices, resource constraints, and knowledge disparities, even as today’s threat landscape has grown in complexity and velocity. Together, these factors put security teams on the defensive during security incidents and enable nation-state threat actors and grassroots operators alike to carry out significant breaches.
Additionally, the Skybox Research Lab recently found (PDF) that 186 vulnerabilities published in 2021 were promptly exploited within the year, 24% more than the number of vulnerabilities published in 2020 and subsequently exploited. This shortens the time between initial detection and active exploitation, and highlights the need for a change in security strategy in public sector organizations.
Given these unique challenges faced by the public sector, threat actors are increasingly launching high-profile attacks on these organizations. Attack vectors are becoming broader as new vulnerabilities are discovered in various software and application areas. These vulnerabilities allow cybercriminals to conduct sophisticated attack campaigns with modest resources.
Shift from response to prevention
The good news is that there are clear best practices that organizations can follow to take a proactive approach to preventing cyberattacks.
- Focus on exposure risk: Visualizing the entire attack surface and understanding all points of attack is critical to an effective cybersecurity program. However, the ongoing onslaught of newly discovered vulnerabilities creates challenges in prioritization and overwhelms often resource-constrained security teams. Rather than spending limited bandwidth tracking massive numbers of vulnerabilities, organizations need to focus on which vulnerabilities are exposed to threat actors and can pose real risk to network resources.
- Invest in automation: Finding the cybersecurity professionals needed to effectively address today’s threats remains a challenge. As the landscape evolves, it will be imperative for organizations to build automation into their tool stack to keep security teams one step ahead of threat actors. This technology reduces the need to manually track each vulnerability as data continues to grow exponentially.
- Think of your entire supply chain: Organizations need to review their business models to ensure their cybersecurity strategies account for their supply chains, including potential vulnerabilities. This vital part of operations is a colossal point of potential vulnerability. Some of the most notable breaches of the last two years, including SolarWinds and Kaseya, were the direct result of vulnerabilities introduced through supply chains. As these chains become more complex and global, extending access well beyond the enterprise, it will be critical for security teams to look closely at the potential impact and vulnerabilities.
Achieve a holistic approach to cybersecurity in the public sector
Context and information are essential to strengthen public sector cybersecurity programs. By creating a security posture management strategy and gaining a clearer view of security effectiveness, public sector organizations can better visualize and analyze hybrid, multi-cloud, and OT networks for a complete picture of their attack surface.
This allows organizations to stay ahead of the next security incident by looking at vulnerabilities the same way cybercriminals do — by focusing on those with the highest risk score and knowing whether or not they are exploitable and open.