The beginning of a new year is always a strangely quiet time for government agencies. The holidays have just ended, and agency employees are slowly trickling back to work, settling into their home offices, signing in, and sifting through the countless emails that accumulated during their time off.
As agencies ease back into the swing of things and turn their calendars over to 2022, it’s important to keep in mind that malicious cyber actors did not take time off during the holidays. In fact, due to the level of threat that cyberattacks posed throughout this past holiday season, the Biden administration preemptively released a statement to American corporate executives and business leaders on December 16, imploring them to take stock of their businesses’ IT infrastructure and prepare for a potentially volatile period of cyberattacks.
“The holidays are an opportunity to spend time with our loved ones and enjoy some well-earned rest,” read the release. “Unfortunately, malicious cyber actors are not taking a holiday – and they can ruin ours if we’re not prepared and protected.”
And even though the holidays have come and gone, government employees must enter 2022 with vigilance and be up to date on the latest trends and on the threats that ransomware and identity attacks pose to their agencies.
Last month, CrowdStrike held the “A CISO’s Journey in Defending Against Modern Identity Attacks” webinar, where CrowdStrike’s Vice President of Zero Trust and Identity Marketing, Kapil Raina, and Xoriant’s Chief Information Security Officer (CISO), Jay Kashyap, discussed the latest trends coming out of ransomware and identity attacks, and how government agencies can defend themselves from falling prey to these sophisticated breaches.
Here are three key insights you need to know:
Ransomware-as-a-business
One of the most illuminating parts of the webinar discussion was the revelation that the actors behind identity attacks, breaches, and ransomware hacks have honed their craft to the point where cybercrime groups are now creating wage-paying ecosystems that are run like businesses.
“What it points to is the evolution of ransomware-as-a-service to near perfection,” said Kashyap. “Those groups that actually manage ransomware-as-services have now evolved to delivering this ransomware toolkit, and they employ people as wage workers.”
With hacker ecosystems forming into organized, pyramidal crime rings and breach techniques being perfected and growing harder to detect by the day, government agencies must accept the fact that it’s not a matter of if they’ll be attacked, but rather when. According to Raina, as ransomware-as-a-service and identity attacks grow in sophistication, “it’s lowering the bar and the cost of the attack [for the hacker], which means it’s potentially increasing the cost for the CISO to defend the organization.”
Preparation = Modern IT Infrastructure + Identity Management Plan
As the country settles in, once again, for another COVID-19 variant wave, government agencies continue to turn to remote working solutions to keep their workforces healthy and safe. And though employee health and safety must be prioritized and accommodated, work-from-home (WFH) technology and solutions have created a massive headache for agency IT and cybersecurity professionals.
With remote work, there is no longer a well-defined, perimeter-based, or site-based IT defense network for government agencies. As a result, agencies must turn to modern IT infrastructures and constructs that will help serve as lines of defense against identity- and credential-based attacks or breaches.
By implementing multi-factor authentication (MFA) protocols, biometrics, and a zero trust architecture, agencies can reduce the opportunities and vulnerabilities malicious actors can exploit to breach and devastate agency networks.
Kashyap also notes that government agencies must be prepared and have systematic plans and protocols in place for identity management, identity protection, and breach response. Without a centralized network infrastructure blueprint that has identity management and protection at its core, agencies leave themselves vulnerable to hackers who are experts in identifying and exploiting an agency’s lack of preparation.
Incident Response: The Dos & Don’ts
A question that both Kashyap and Raina are frequently asked is, “What should my agency do if we are breached?”
Kashyap advises that if your agency network is breached, you must first pinpoint what compromises there may be, identify who was behind the breach, then evaluate the risk to determine whether a response is needed. Kashyap went on to explain that if your agency does decide to respond to a breach, it must not do so alone.
“I would say not trying to do the response by yourself is a very key factor here,” said Kashyap. “And there are several reasons for that. The threat actors are very trained in managing people that don’t have experience in trying to talk to them. And there is a very severe series of escalations that come if you start negotiating with those folks.”
Finally, once your agency has determined what has been compromised, be sure that the network environment is segmented from information, systems, and identities in a way that makes further lateral traversal impossible. “So even if you were to lose some target information, you’ve not lost everything,” explained Kashyap.