Legacy systems, fragmented security solutions and a shortage of skilled cybersecurity specialists have left government agencies particularly vulnerable to attacks from cyberthreat actors.
At a time when agencies are retaining more critical and sensitive information than ever before, resourceful adversaries are using new methods to slip through security cracks, often dwelling inside federal IT networks for a year or more before being discovered. The Verizon Data Breach Investigations Report (DBIR) lists the public sector as the third-highest breach victim in the U.S., after financial and health care organizations.
A new position paper from CrowdStrike, provider of cloud-delivered endpoint security, argues that agencies need to take a more holistic approach to security and outlines a unified five-point security approach that goes beyond malware remediation. Malware is responsible for only about half of cybersecurity attacks, the paper says. The other half of attacks leverage tactics, techniques and procedures (TTPs) to outsmart and bypass security defenses.
Breaches like that of the Office of Personnel Management in 2015 exposed millions of citizens’ sensitive information, leading to both national security and political implications. The Verizon DBIR reported nearly 240 public sector breaches in 2016. While breaches have led to new security mandates, stronger regulations and frameworks alone will not protect public sector agencies. Protection and remediation require a unified combination of tools, infrastructure, security plans, policies and procedures.
The position paper stresses the importance of addressing five key areas of endpoint security:
- Compromise assessment
- Penetration testing
- Program development
- Tabletop exercises
- Counter-threat assessment
It also discusses considerations around cloud-based protection and regulatory compliance; continuous monitoring; endpoint detection and response; 24/7 managed hunting and threat intelligence.
This article was produced by FedScoop and sponsored by CrowdStrike.