Cybersecurity is no longer considered a problem to be solved – it’s now a risk to be managed. Over the last decade, the cybersecurity landscape has solidified itself as a primary component of any government agency’s IT infrastructure. With today’s malicious cyber actors continuously seeking out government network vulnerabilities to exploit, it is imperative that agencies bolster their cybersecurity defenses and implement best practices for their IT infrastructures – like adopting a zero trust framework.
But when a government agency does fall victim to a cyberattack, what next steps do they need to take to successfully navigate and mitigate the incident?
To answer this question, the Wall Street Journal and NETSCOUT sponsored and co-hosted “A 360-Degree Outlook on the Global Security Landscape,” a webinar focused on how government agencies can effectively maneuver through today’s ever-changing cybersecurity landscape.
Webinar panelists included President and CEO of Cyber Threat Alliance Michael Daniel and NETSCOUT Director of Security Technologists Gary Sockrider.
It’s not an if – it’s a when
“Given the volume of cyber activity that’s out there – ranging from what nation-states do to cybercrime – there’s a high likelihood that at some point, your business will experience some sort of cyber incident,” said Daniel.
If your organization or government agency was victimized by a cyberattack, would you know what to do? Eighty-seven percent of the webinar audience said they thought they could handle a cyberattack. That’s encouraging, but Daniel admitted that he believes most of the world is a mix. He said that some organizations have started to get pretty sophisticated in how they approach cyberattacks. Others haven’t given it much thought, he said, and just hope that it won’t happen to their organization.
Technology: Just one piece of the puzzle
What many don’t understand is that handling a cyberattack isn’t just a tech problem. And oftentimes, tackling these other issues takes much longer than the tech forensics. Just a few of the considerations include the following:
- Legal obligations – There are fewer legal barriers than there used to be, but there are still legal issues that need to be understood.
- Human Resources – What do you tell your workforce?
- Constituent communications – Obviously you need to let your constituents know. But what do you tell them?
- Information sharing – A lot of organizations do not put enough time and effort into information sharing. Everyone agrees that it’s a good idea. But it needs to be made a priority, not just a duty as assigned.
Over the years, Daniel discovered that no individual organization has all the information it needs. “Nobody knows everything there is to know about cyberspace or the cybersecurity landscape. The flip side is, the bad guys share information all the time. They’re collaborating in very sophisticated ways,” he commented. This sharing theme was the genesis of Daniel’s non-profit organization, Cyber Threat Alliance (CTA). The CTA’s members include cybersecurity experts from 11 countries – mostly from commercial businesses – and they partner with non-profit organizations that focus on cyber activities. This group is working to build a formalized landscape for information sharing that can ideally become a worldwide standard.
A shift in mindset
What shift in mindset does a government agency need to get comfortable with the change necessary to successfully mitigate cyberattacks? Daniel said that organizations need to proactively prepare for cybercrimes before they happen. He also mentioned that it’s critical to understand that this problem can’t be fixed by buying something. It’s not a one-time tech issue. It’s a long-term risk government agencies need to manage, and involves many departments. And in thinking of a cyberbreach as not just a tech problem, but a human-behavior problem, organizations will be much better prepared to tackle malicious actors successfully.
It all starts with your data
Sockrider emphasized that the cybersecurity landscape for keeping hackers out of government networks and systems has changed, and that the tactics to properly direct security teams have evolved. New and different challenges have yielded opportunities. He said, “The bad guys only have to get it right once. But the good guys have to get it right all the time.”
The most critical focal point is the network, and the key is to be laser focused on packet data – not sampled data, which can be incorrect or incomplete – on a granular level.
Many organizations have been focused on keeping bad things out of their systems. When you are able to access packet data, meaning all data, you get more answers. Everything that traverses the network needs to be seen. And not just seen, but analyzed in real time by security teams. You can analyze past incidents such as breaches or data compromises to help you detect future threats before they happen.
Breaches happen all the time – every day – but that doesn’t mean the bad guys succeeded. But the data they supply can be turned into smart data that gives an organization actionable intelligence.
“Capturing every piece of data is incredibly challenging,” remarked Sockrider. NETSCOUT has spent more than 35 years perfecting this technology. The organization realizes the importance of being laser focused to mitigate risk of attack. Sockrider also said that it’s not just about focusing on your own network – it’s studying what’s going on globally, so all that information can be used to put an end to cybercrime on a worldwide basis. “That’s really the goal,” he commented.