With international tensions heightened as we enter month eight of the war between Russia and Ukraine, it’s clear that a new era of intensifying state-sponsored attacks is upon us, especially those targeting public sector agencies and services.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a rare “Sheilds Up” warning earlier this year, highlighting the need for U.S. organizations to remain vigilant and safeguard their most important and sensitive assets. Later, CISA has also warned of the threat posed by state-sponsored threat actors from China and North Korea.
The current geopolitical climate has put cybersecurity in the spotlight to ensure national security, making it especially crucial for public sector organizations to take a proactive stance against threats. Proactive cybersecurity starts with a complete understanding of what needs to be protected and the ongoing intelligence necessary to pre-empt likely attacks.
Research shows public sector slowest to identify key risks
A recent global cybersecurity benchmarking study found that, among all industries surveyed, the public sector ranked the highest in inadequate identification of key risks. This is because the public sector continues to struggle with disjointed infrastructures, siloed operations, decentralized practices, resource limitations, and knowledge disparities as today’s threat landscape has increased in complexity and speed. Together, these factors put security teams behind the curve and on the defensive when security incidents occur, enabling nation-state threat actors and grassroots operators alike to carry out significant breaches.
Moreover, the Skybox Research Lab recently found (PDF) that 186 vulnerabilities published in 2021 were promptly exploited within the year, 24% more than the number of vulnerabilities published and subsequently exploited in 2020. That means cybercriminals are getting faster at executing attacks based on recent vulnerabilities. This lowers the time between initial discovery and active exploits and makes it clear that the security strategy within public sector organizations must change.
Given these unique challenges the public sector faces, threat actors increasingly carry out high-profile attacks across these organizations. Attack vectors continue to broaden with new vulnerabilities being discovered across various software and applications. These vulnerabilities allow cybercriminals to conduct sophisticated attack campaigns using modest resources.
Shifting from reaction to prevention
The good news is there are clear best practices organizations can follow to achieve a proactive approach to preventing cyberattacks.
- Concentrate on exposure risk: Visualizing the entire attack surface and understanding all exposure points is crucial for an effective cybersecurity program. However, the ongoing onslaught of new-found vulnerabilities creates prioritization challenges and overwhelms security teams that often have limited resources. Instead of wasting limited bandwidth pursuing massive amounts of vulnerabilities, organizations must zero in on which vulnerabilities are exposed to threat actors and can cause real risks to network assets.
- Invest in automation: It continues to be challenging to find the cybersecurity talent needed to effectively handle today’s threats. As the landscape continues to evolve, it will be essential for organizations to incorporate automation into their tool stack to keep security teams ahead of threat actors. This technology will reduce the need to manually track each vulnerability as data continues to grow exponentially.
- Be mindful of your entire supply chain: Organizations must re-examine their business models to ensure their supply chains’ impacts on their cybersecurity strategies, including potential vulnerabilities. This vital part of operations is a colossal point of possible weakness. Some of the most notable breaches from the last two years, including SolarWinds and Kaseya, were the direct result of vulnerabilities introduced through supply chains. As these chains become more complex and global and expand access well beyond the organization, it will be crucial for security teams to take a hard look at the potential impacts and vulnerabilities.
Achieving a holistic approach to cybersecurity in the public sector
Context and intelligence are essential to fortifying the public sector’s cybersecurity programs. By developing clearer security efficiency via the creation of a security posture management strategy, public sector organizations can better visualize and analyze hybrid, multi-cloud and OT networks to capture a complete picture of their attack surface.
This allows organizations to get ahead of the next security incident by viewing vulnerabilities the same way cybercriminals do — focusing on those with the highest risk score and knowing whether they are exploitable and exposed or not.