The ongoing COVID-19 pandemic forced government agencies to expedite their digital transformation initiatives and embrace new technologies in an effort to enable their workforces to operate remotely. With employees at risk of falling ill, agencies moved quickly to enable every worker whose job could be done from home to do so.
But embracing and implementing technologies for collaboration, information sharing, and remote access to agency data and resources also expanded the attack surface of government agencies. Targeted attacks by malicious actors could cripple agency productivity by taking down mission-critical IT systems and applications, and employee-owned devices and home networks reaching government data and systems increased the cyber risk of federal agencies.
Cyber attackers have recognized these security challenges and have continued to adjust to the changes, resulting in more varied attacks against enterprise networks. This can clearly be seen in the rise of triple extortion attacks, which are designed to increase the odds that the victim pays.
The triple extortion attack consists of:
- Encrypting data with ransomware and demanding payment for a decryption key
- Stealing data and threatening to expose or sell it publicly unless payment is received
- Launching a Distributed Denial of Service (DDoS) attack to prove the seriousness of the threat, block access to internal network resources, and overwhelm security teams
“In the end, you have a full-on malware campaign, you have a full-on ransomware campaign, now you have this full-on intrusion aspect where they’re stealing your data,” Richard Hummel, NETSCOUT’s ASERT Threat Research Lead, recently explained to the GovCyberHub. “Then they either blackmail you or use that for other operations. You have three separate significant cyberattacks happening here, just in conjunction with each other.”
Attackers have also amplified the seriousness of such attacks by targeting the devices that enterprises use to support remote work. This includes everything from attacking VPN concentrators to brute-force attacks against Remote Desktop Protocol (RDP) and Telnet services. The end result is that enterprises are not only experiencing a substantial increase in attacks overall, but are also being hit with secondary and tertiary attacks.
Not surprisingly, the increases and changes in attack vectors have required enterprises to rethink their approach to cyber resiliency: their ability to predict, resist, recover from, and adapt to attacks.
From security initiative to operational imperative
Before the pandemic, developing a cyber resiliency plan was viewed as more of a security initiative. However, the changes that enterprise IT and security have undergone during the pandemic have turned cyber resiliency into a much-needed strategy that affects and influences the entire organization.
That strategy determines an organization’s ability to predict, resist, recover from, and adapt to the rapid changes in cyberattacks. Cyber resiliency requires visibility across the entire enterprise, including how the organization operates, its supply chain, the flow of data and information across the organization, and the identification of critical applications and systems.
When done correctly, cyber resiliency improves an organization’s ability to identify and measure risk, while also improving visibility for the IT and security teams tasked with protecting organizational resources. To incorporate cyber resiliency as an organizational strategy, agencies should look for scalable solutions that use curated threat intelligence to identify potential threats.
Organizations should have comprehensive packet-level visibility into all internal east-west network traffic, no matter where the internal network may reside – whether inside agency walls or in a public or private cloud – to identify anomalous behavior and attacker lateral movement. In addition, organizations need packet-level visibility into north-south traffic at the network edge, where they can both detect and block cyber threats.
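The two visibility needs above map to two simple detection rules: a north-south rule for the RDP/Telnet brute forcing mentioned earlier, and an east-west rule for attacker lateral movement. The following is an added example, not code from the article or from NETSCOUT, and it runs over constructed flow records rather than real packet captures. The internal address ranges, the lateral-movement port list (SMB, RDP, WinRM), and the thresholds are assumptions chosen for illustration; a real deployment would tune them to the agency's own networks.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: RFC 1918 ranges stand in for "inside agency walls". In practice this
# list also carries the VPC/VNet ranges of the agency's cloud tenants.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ports the article singles out as brute-force targets on remote-work infrastructure.
REMOTE_ACCESS_PORTS = {3389: "RDP", 23: "Telnet"}
# Ports commonly used to move between internal hosts (assumption, not from the article).
LATERAL_PORTS = {445: "SMB", 3389: "RDP", 5985: "WinRM"}


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_brute_force(flows, attempts=10, window=60):
    """North-south rule: an external source opening `attempts` or more connections
    to one internal RDP/Telnet listener within `window` seconds.
    Returns {(src, dst, port): total_attempts} for each offending source."""
    seen = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in REMOTE_ACCESS_PORTS and not is_internal(src) and is_internal(dst):
            seen[(src, dst, dport)].append(ts)
    hits = {}
    for key, stamps in seen.items():
        stamps.sort()
        # Slide a window of `attempts` consecutive connections over the timeline.
        for i in range(len(stamps) - attempts + 1):
            if stamps[i + attempts - 1] - stamps[i] <= window:
                hits[key] = len(stamps)
                break
    return hits


def detect_lateral_movement(flows, fanout=5):
    """East-west rule: one internal host reaching `fanout` or more distinct internal
    hosts on lateral-movement ports. Returns {src: sorted list of targets}."""
    targets = defaultdict(set)
    for _, src, dst, dport in flows:
        if dport in LATERAL_PORTS and is_internal(src) and is_internal(dst):
            targets[src].add(dst)
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) >= fanout}


# Constructed flow records (timestamp_seconds, src_ip, dst_ip, dst_port). Not real traffic.
FLOWS = []
# 12 RDP connection attempts from one external address within 40 seconds: brute force.
FLOWS += [(1000 + 3 * i, "203.0.113.5", "10.0.0.20", 3389) for i in range(12)]
# Two RDP logins from a legitimate remote worker, hours apart: below threshold.
FLOWS += [(2000, "198.51.100.9", "10.0.0.20", 3389), (9000, "198.51.100.9", "10.0.0.20", 3389)]
# The targeted host then fans out over SMB to seven internal peers: lateral movement.
FLOWS += [(3000 + i, "10.0.0.20", f"10.0.0.{21 + i}", 445) for i in range(7)]
# A user touching one file share: normal east-west traffic.
FLOWS += [(3100, "10.0.0.30", "10.0.0.40", 445)]

if __name__ == "__main__":
    for (src, dst, port), n in detect_brute_force(FLOWS).items():
        print(f"brute force: {src} -> {dst}:{port} ({REMOTE_ACCESS_PORTS[port]}), {n} attempts")
    for src, dsts in detect_lateral_movement(FLOWS).items():
        print(f"lateral movement: {src} reached {len(dsts)} internal hosts: {', '.join(dsts)}")
```

On the constructed data the first rule flags only 203.0.113.5 and the second flags only 10.0.0.20; the legitimate remote worker and the single file-share access stay below threshold. The point of keeping the two rules separate is the one the paragraph makes: the brute-force rule needs flow records from the edge, while the lateral-movement rule is blind unless east-west traffic between internal hosts, including cloud-hosted ones, is also captured.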
The COVID-19 pandemic has changed the way in which agencies operate and the way in which government employees work. And that change in “business as usual” may, in fact, be permanent. With IT systems and tools fundamental to the operations of today’s government agencies, cyber resiliency planning is no longer just a function of the security team – a cyber resiliency plan needs to be an organization-wide strategy that influences everything from how employees behave to how the organization detects and responds to threats.
To learn more about how to make cyber resiliency part of your company’s business strategy, read the new white paper, “Why Cyber Resilience Is Needed In The Post-Pandemic World.”