As citizens adjust their daily lives to reduce the chances of catching or spreading COVID-19, the risks associated with the pandemic are extending beyond a national health and economic crisis. Cyberthreats, including phishing scams, spam, and other attacks against organizations, are spiking by as much as 40% as bad actors seek to take advantage of global uncertainty and anxiety, according to new data from CNBC.
Cyber concerns are running particularly high in the public sector. Government agencies, not used to the concept of a remote workforce, are suddenly confronted with the task of reducing the cyber risk associated with hundreds and thousands of potentially insecure home offices. Meanwhile, these already over-taxed resources must continue to ensure the ongoing security of their traditional IT infrastructures.
The government finds itself in a vulnerable place
It’s a new world order that is playing out at the state, local, and federal levels.
Meanwhile, the federal government agencies that citizens depend on for facts and information during this crisis are under attack.
In mid-March, the U.S. Department of Health and Human Services (HHS) suffered a cyberattack designed to undermine the government’s response to the COVID-19 pandemic, reports Bloomberg. The attack, likely by a foreign actor, overloaded HHS servers with millions of hits over several hours, with the goal of slowing agency systems. In an interesting twist, officials also believe that the attack is linked to a series of fake messages spread by text, email, and social media falsely claiming that President Trump would soon order a two-week mandatory quarantine for the nation.
Agencies must step up their cyber vigilance
During these dark times, it’s critical that government agencies step up their cyber vigilance. All it takes is a misconfigured piece of software or an insecure home Wi-Fi network for a hacker to gain entry to critical systems, take them offline, breach data, or spread disinformation. It’s a risk agencies can’t afford to take.
Yet no matter how much money agencies spend to protect their systems and data, they are frequently outwitted, outcomes aren’t improving, and opportunistic attacks are on the rise.
With limited resources to protect their environments, it’s critical that focus is placed on the areas that will have the greatest impact on the organization’s overall security posture. Now, more than ever, there are three things that organizations must do:
- Develop a comprehensive security performance management program that assesses the organization's overall security posture and helps teams prioritize and target vulnerabilities. This will help security teams stay one step ahead of threat actors.
- Gain insight into critical digital assets, no matter where they're located: in the data center, in the cloud, or across geographies. As more people work remotely, home network monitoring will also be critically important. Security teams must be able to discover potentially risky remote office IP addresses that are more likely to be infected with malware and expose vulnerable services.
- Monitor and assess third-, fourth-, and nth-party risk. All organizations depend on these partners for business success. They need to be carefully yet expeditiously vetted to ensure they're not bringing unwanted risk into the organization.
With these insights, government security teams can gain unprecedented visibility into key risk vectors (such as unpatched systems, insecure access points, or vulnerable vendors), calculate and prioritize that risk, and continuously monitor their assets and the remote workforce so that no vulnerability goes unchecked.
A proactive cyber defense strategy is needed as we flatten the curve
Amid this pandemic, the role of government is more vital than it has been at any point in many of our lives.
Hopefully, we will flatten the curve of COVID-19 infections, but until we do, we must be able to count on the continued “functioning” of vital government information, guidance, and services as we navigate this crisis.
To do this, agencies need to stop playing whack-a-mole and recognize that they can’t keep fixing issues as they arise. Good cybersecurity requires a shift from a reactive defensive strategy to the focused, proactive approach that security performance management (SPM) enables: one that allows security teams to identify the most pressing and urgent threats to their growing networks, inside and out, make confident and informed decisions about where to focus security resources, and, ultimately, stay one step ahead of nimble threat actors.