Mar 25 2024
Security

Surge in Encrypted Attacks on Government Underscores the Need for Improved Defenses

With 86 percent of cyberthreats concealed in encrypted traffic, traditional security approaches won't cut it.

In the wake of escalating cyberthreats — including the Play ransomware gang’s 300-plus attacks on public entities across North America, South America, Europe and Asia, and the breach of two federal agencies — it is clear that malicious cyber actors are increasingly targeting government through encrypted attacks.

The federal government is taking steps in the right direction to prepare agencies. Guidance from last year’s National Cyber Strategy outlines a comprehensive approach to adopting a proactive stance for safeguarding critical infrastructure and sensitive data.

In addition, the Cybersecurity and Infrastructure Security Agency has recently released advisories emphasizing a shift toward encrypted attacks on public entities.

Eighty-six percent of cyberthreats are concealed in encrypted traffic, with a staggering 185 percent surge in encrypted attacks on the government sector, according to the Zscaler ThreatLabz 2023 State of Encrypted Attacks report, demonstrating that traditional security approaches face significant challenges against these sophisticated threats.

Click the banner to read CDW’s white paper on enhancing zero trust for your agency.

 

As agencies look to fortify their security measures, many are following guidance from the National Cybersecurity Strategy and CISA for leveraging zero trust to advance the nation’s cybersecurity progress.

By reducing the reliance on legacy technology and implementing zero-trust architecture, federal agencies can limit the impact of threat actors and strengthen their security postures.

Zero Trust and Microsegmentation Can Limit Attacks

The adoption of zero-trust architecture emerges as a crucial step to counter encrypted threats. Many conventional devices such as VPNs and firewalls can be vulnerable in the face of sophisticated attacks, and agencies must prioritize replacing such devices with more secure alternatives.

By embracing zero trust, agencies can significantly limit the shortcomings of legacy perimeter-based security approaches by enforcing strict least-privileged access controls and continuous verification. This will help prevent breaches, reduce the blast radius of successful attacks and hold up a strong security posture to protect against evolving threats.

However, not all zero-trust solutions are the same. It’s critical that agencies thoroughly test and verify the effectiveness of solutions through proofs of concept and pilots. With the establishment of formalized zero-trust offices, dedicated zero-trust leads and working groups, agencies are on the right track.

There is a wealth of information and expertise that can be leveraged to drive zero-trust adoption. This represents a significant step toward the end goal of widespread implementation of zero trust across the government.

When examining the surge in cyberthreats, the role of encryption and obfuscation techniques takes center stage. By implementing zero-trust architecture and microsegmentation as effective strategies to limit the impact of threat actors, agencies can enhance their overall security posture.

LEARN MORE: Smoothly navigate the cultural shift triggered by zero trust.

What Are Best Practices for Implementing Zero Trust?

As agencies begin the process of selecting and implementing zero-trust solutions, here are a few best practices.

  1. Use zero-trust architecture to secure all connectivity holistically. Agencies should create one-to-one application and user segments that are brokered and authenticated by the zero-trust architecture, allowing users to connect directly to a requested application without ever exposing the underlying network. Microsegmentation helps reduce access, even for authenticated users.
     
  2. Take a proactive stance by getting ahead of attacks. Agencies need to assess and update security strategies regularly to stay ahead of inevitable cyberattacks. Every internet-facing service, including firewalls, whether in the data center, cloud, or branch, can be discovered, attacked, and exploited.

    Agencies should look to reduce the number of entry points into an environment by placing internet-facing apps and services behind a cloud proxy that brokers connections, thereby eliminating vulnerable backdoors. Agencies should also evaluate their attack surface to quantify risk and adjust security appropriately.
     

  3. Adopt new security measures to safeguard public entities in the ever-evolving cyberthreat landscape. Using a zero-trust cloud-proxy architecture can enable and secure all connectivity across the agency. This enables agencies to perform in-line inspection of 100 percent of decryptable SSL/TLS traffic while continuously verifying users and devices before any connection is made.

As federal guidelines urge, establishing a governmentwide implementation of zero trust is imperative for maintaining a robust cyber posture. As cybercriminals continuously evolve their tactics, including encrypted threats and beyond, zero trust remains the best tactic for enhanced security.

everythingpossible/Getty Images
Close

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.