Remote Work Has Changed the Nature of Federal Cybersecurity
When the pandemic hit and shutdowns began, agencies rapidly went from being predominantly office-based to predominantly remote, abandoning an old-school perimeter approach that had been decades in the making. By scaling VPNs and moving data into Software as a Service applications, agencies were more or less able to maintain continuity of operations despite the pandemic.
Still, many government employees had to configure their own home networks and devices, while IT had to secure a wide range of operating systems, equipment and new apps. To put it plainly, some things likely fell through the cracks.
In some cases, policies may not have been consistently applied as new SaaS and cloud applications were quickly spun up, nor did policies seamlessly follow users. In others, IT was spread too thin to keep an eye on the expanded attack surface. Or, maybe lockdown simply meant that cybersecurity enforcement got lighter.
Regardless of the reason, we’ve already seen that malicious actors, from nation-states to organized criminal groups, have found their way into government networks. With this in mind, federal IT pros need to first double-check the basics. They should revisit their policies and processes and validate their security posture and risk appetite. Next, they must prioritize data visibility and protection in order to ensure malicious insiders and external bad actors aren’t accessing sensitive agency data and intellectual property.
IT Leaders Need to Know How Data Is Being Accessed
In 2021, the only way agencies can prevent data loss is by knowing exactly where their data is on a minute-by-minute basis, which users are accessing it and how. Without this visibility into data, we cannot scale or understand how to work productively, flexibly and securely.
User activity monitoring relies on behavioral analytics and machine learning to understand data access patterns and, in turn, allows security pros to identify malicious users and compromised accounts. If users access data they shouldn’t, download dangerous amounts of data, log in from multiple time zones at once or change their behavioral patterns, they can be flagged and the risky behavior stopped.
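Two of the signals described above, simultaneous logins from different time zones and unusually large downloads, expressed as detection logic over a constructed event log. This is an added example, not code from the article or from any product; the event format, the use of the client UTC offset as a stand-in for time zone, and the thresholds (30-minute window, 5x the median daily volume, three days of history) are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample events: (user, UTC time, action, client UTC offset in hours, bytes)
EVENTS = [
    ("alice", "2021-03-01T13:20", "download", -5, 40_000_000),
    ("alice", "2021-03-02T13:05", "download", -5, 55_000_000),
    ("alice", "2021-03-03T13:10", "download", -5, 45_000_000),
    ("alice", "2021-03-04T13:00", "login", -5, 0),
    ("alice", "2021-03-04T13:10", "login", 8, 0),  # second zone, 10 minutes later
    ("alice", "2021-03-04T13:30", "download", 8, 900_000_000),
    ("bob", "2021-03-04T14:00", "login", -5, 0),
    ("bob", "2021-03-04T22:00", "login", -8, 0),  # 8 hours apart: not concurrent
]

def concurrent_zone_logins(events, window=timedelta(minutes=30)):
    """Users whose logins come from different UTC offsets within one window."""
    logins = defaultdict(list)
    for user, ts, action, offset, _ in events:
        if action == "login":
            logins[user].append((datetime.fromisoformat(ts), offset))
    flagged = set()
    for user, seen in logins.items():
        seen.sort()  # adjacent pairs suffice once sorted by time
        for (t1, o1), (t2, o2) in zip(seen, seen[1:]):
            if o1 != o2 and t2 - t1 <= window:
                flagged.add(user)
    return flagged

def download_spikes(events, factor=5, min_history=3):
    """(user, day, bytes) where a day's total exceeds factor x the user's median day."""
    daily = defaultdict(lambda: defaultdict(int))
    for user, ts, action, _, size in events:
        if action == "download":
            daily[user][ts[:10]] += size
    spikes = []
    for user, days in daily.items():
        history = []
        for day in sorted(days):
            if len(history) >= min_history and days[day] > factor * median(history):
                spikes.append((user, day, days[day]))
                continue  # keep flagged days out of the baseline
            history.append(days[day])
    return spikes

if __name__ == "__main__":
    print(concurrent_zone_logins(EVENTS), download_spikes(EVENTS))
```

The baseline is per user, so the same download volume can be normal for one account and a spike for another.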
As remote work becomes the new normal, so must continuous monitoring. Longer-term, cloud-native solutions that offer a deep understanding of user behavior should be implemented permanently.
Stopgaps are simply insufficient when it comes to protecting data and intellectual property. Additionally, the notion of multiyear security programs must be replaced with more agile security. Because behavioral analytics and Indicators of Behavior (IOBs) focus on events and on how users interact with data, rather than on simple Indicators of Compromise (IOCs), agencies will be able to understand data usage in context and enforce data-loss prevention policies adaptively and in real time.
Remote work is here to stay in 2021, meaning the old perimeter is gone for good. Data needs to be more accessible than ever without compromising security. The fact that an agency hasn’t had a data-loss incident yet doesn’t mean there aren’t vulnerabilities or malicious insiders already lurking.
Especially considering the extent to which the pandemic has expanded the attack surface, user behavior monitoring should be nonnegotiable in the years to come.
While government IT pros deserve immense credit for the rapid shift to remote work, as we’ve seen, adversaries are usually one step ahead. In 2021, additional vulnerabilities and more advanced attack methods will likely come to light. To be prepared, agencies must combine behavioral analytics and IOBs to achieve visibility and control.