Security

Agencies Need to Take a New Approach to Data Security in 2021

The shift to remote work means that IT leaders need to chart a new path on cybersecurity.

Twitter

As Forcepoint’s global CTO and vice president of SASE engineering, Nicolas drives corporate-level vision, defines the research agenda and pilots technology and architecture roadmaps that underpin Forcepoint’s human-centric cybersecurity and SASE solutions. He is responsible for companywide innovation as well as Forcepoint X-Labs.

Over the past 12 months, day-to-day life has been completely rearranged, including how and where many people work. The urgent mass shift to remote work put tremendous pressure on IT professionals in 2020. Federal CISOs and CIOs should take a minute to applaud their teams (and perhaps reward themselves) for quickly enabling countless employees to be connected and productive from home.

However, these self-congratulations shouldn’t take more than a minute, because bad actors haven’t gone anywhere. On top of that, the shift to remote work has dramatically expanded the attack surface. Many agencies had to choose business continuity over security in 2020, and the impact on those organizations’ security vulnerability is going to present itself in the year ahead.

If the recent Sunburst hack showed us anything, it’s that IT leaders must go into 2021 with their eyes wide open. In fact, many government organizations are still determining the near- and long-term impact of the Sunburst supply chain attack, the extent of which won’t be known for years. As this and other technology priorities are outlined for the year, data visibility and data protection must top the list.

In 2021, we will begin to realize exactly how much intellectual property and personal information was stolen by external hackers and malicious insiders during the shift to remote work.

Remote Work Has Changed the Nature of Federal Cybersecurity

When the pandemic hit and shutdowns began, agencies rapidly went from being predominantly office-based to predominantly remote, abandoning an old-school perimeter approach that had been decades in the making. By scaling VPNs and moving data into Software as a Service applications, agencies were more or less able to maintain continuity of operations despite the pandemic.

Still, many government employees had to configure their own home networks and devices, while IT had to secure a wide range of operating systems, equipment and new apps. To put it plainly, some things likely fell through the cracks.

In some cases, policies may not have been consistently applied as new SaaS and cloud applications were quickly spun up, nor did policies seamlessly follow users. In others, IT was spread too thin to keep an eye on the expanded attack surface. Or, maybe lockdown simply meant that cybersecurity enforcement got lighter.

Regardless of the reason, we’ve already seen that malicious actors, from nation-states to organized criminal groups, have found their way into government networks. With this in mind, federal IT pros need to first double-check the basics. They should revisit their policies and processes and validate their security posture and risk appetite. Next, they must prioritize data visibility and protection in order to ensure malicious insiders and external bad actors aren’t accessing sensitive agency data and intellectual property.

IT Leaders Need to Know How Data Is Being Accessed

In 2021, the only way agencies can prevent data loss is by knowing exactly where their data is on a minute-by-minute basis and how and which users are accessing that data. Without visibility of data in this way, we cannot scale and understand how to work productively, flexibly and securely.

User activity monitoring relies on behavioral analytics and machine learning to understand data access patterns and, in turn, allows security pros to identify malicious users and compromised accounts. If users are accessing data they shouldn’t be, downloading dangerous amounts of data, logging in from multiple time zones at once or if their behavioral patterns change, users can be flagged and the risky behavior stopped.

As remote work becomes the new normal, continuous monitoring must too. Longer-term, cloud-native solutions that offer a deep understanding of user behavior should be implemented permanently.

Stopgaps are simply insufficient when it comes to protecting data and intellectual property. Additionally, the notion of multiyear security programs must be replaced with more agile security. Because behavioral analytics and Indicators of Behavior (IOBs) focus on events rather than simple Indicators of Compromise (IOCs), as well as how users interact with data, agencies will be able to understand data usage in context and enforce data-loss prevention policies in an adaptive manner in real time.
Remote work is here to stay in 2021, meaning the old perimeter is gone for good. Data needs to be more accessible than ever without compromising security. Just because an agency hasn’t had a data-loss incident yet, that doesn’t mean there aren’t vulnerabilities or malicious insiders already lurking.

Especially considering the extent to which the pandemic has expanded the attack surface, user behavior monitoring should be nonnegotiable in the years to come.

While government IT pros deserve immense credit for the rapid shift to remote work, as we’ve seen, adversaries are usually one step ahead. In 2021, additional vulnerabilities and more advanced attack methods will likely come to light. To be prepared, agencies must combine behavioral analytics and IOBs to achieve visibility and control.

DIVE DEEPER: Find out more about how next-generation endpoint protection can help your agency.

BlackJack3D/Getty Images