Stopping ransomware in its tracks

 


Zero-trust solutions allow agencies to reduce the risk that an attacker with a foothold in a computer will inject ransomware and take down the entire organization.

As the pandemic’s one-year milestone passes, federal IT leaders are planning for what’s next, including large-scale hybrid work environments.

Keeping data and business operations secure is priority one, but phishing, ransomware and advanced threat attacks have grown significantly over the past year. Cybercriminals target remote government employees as they adapt to new environments and technology. Adversaries leverage COVID-19 spikes to target health care institutions that may be more susceptible to attack to exfiltrate sensitive data. Financial attacks target the stimulus funds, with bad actors posing as government officials to phish for sensitive information and push out ransomware.

Agencies can no longer rely on traditional network security approaches as they build out hybrid IT environments and deploy modern digital services. To reduce cyber risk in 2021, government cyber leaders are modernizing security and turning to zero trust models.

Tracking invisible threats

Since March 2020, there has been a 500% increase in ransomware attacks over Transport Layer Security (TLS) according to the Zscaler ThreatLabZ report, 2020 State of Encrypted Attacks.

This growth highlights the importance and urgency of having a comprehensive capability to perform SSL inspection, sandboxing and threat prevention on all internet traffic. These capabilities are critical, giving IT teams the ability to detect and prevent threats hidden in encrypted streams.

Threat actors continue to use phishing to obtain initial access to an agency endpoint because it’s easy and they only need one victim to fall for a phishing campaign to breach a network. While Binding Operational Directive 18-01 has enhanced email security across the federal space, attackers are still able to use various techniques to evade detection.

Once malicious actors obtain initial access to an endpoint, they can launch additional attacks depending on their nefarious intent:

  • Inject into or leverage processes running with elevated privileges.
  • Pull down additional payloads to install ransomware.
  • Execute keystroke log/screen scrapes to steal login information when a user is logging in.
  • Harvest a user’s address book and use the contacts to phish others, common in business email compromise campaigns.
  • Enumerate and attempt to access any accessible enterprise services available to the user due to overly permissive or insecure permissions.
  • Exploit vulnerabilities or misconfigurations on other systems.
  • Target high-value assets, databases or repositories with sensitive information.

Ransomware delivery is one of the most common next-stage attacks. This billion-dollar industry benefits from the fact that traditional approaches to network segmentation are time consuming and complicated to implement and manage on an enterprise scale. Too often, there are gaping holes left open that an attacker can hop through. Because an attacker only needs one foothold, one pathway into an agency’s network, cyber defenders on the front lines must account for all potential entry points to adequately defend the enterprise.

These realities highlight the urgency for agencies to adopt zero trust solutions to reduce the risk that an attacker with a foothold in a computer will take down the entire organization. Besides closing gaps, agencies must quickly deploy and scale solutions. They don’t have years to evolve their legacy network-centric security to successfully combat today’s threats.

To fully protect IT environments, agencies need real-time visibility and security with a cloud-based proxy architecture. Securely directing traffic straight to the cloud (application to application) will enable improved data mobility, eliminate network-centric security bottlenecks and deliver more robust security capabilities that can scale.

A cloud-based proxy architecture also allows agencies to easily inspect encrypted traffic at scale. It eliminates the need to deploy physical boxes on prem to uncover and block threats without extra cost or performance degradation. The result is reduced latency, improved user experience and consolidated, individually managed security capabilities. As a former defender, I know that every bit of efficiency helps to keep the folks on the front lines focused on supporting the mission, versus supporting technology.

Securing IT environments with zero trust

Federal cyber leaders can achieve many efficiencies with cloud-based security solutions. 

Many agencies initially increased capacity on remote-access solutions, including virtual private networks, to accommodate spiking numbers of teleworkers. This led to a significant increase in traffic coming in and out of the network, which caused bottlenecks and put federal data, devices and users at risk.

In addition, when agencies place their security technology at the perimeter of their network, all traffic has to be backhauled through the data center and VPN before accessing applications -- resulting in latency, poor user experience and reduced productivity. When users are frustrated, they will sometimes take matters into their own hands and implement alternative approaches -- shadow IT -- often not in line with security best practices.

Instead, with the Trusted Internet Connection (TIC) 3.0 guidance providing new options, agencies are adopting zero-trust models that inherently do not trust any user, device or network location; each identity and device is assessed before access to an application is granted. The approach reduces the attack surface by making applications invisible and accessible only by authorized users.

Agencies are also implementing direct-to-cloud connections that eliminate the hair-pinning caused by backhauling traffic through a VPN -- reducing traffic and latency, and ultimately, improving the user experience.

Employees can securely access the cloud, internet and software-as-a-service applications from any location while meeting or exceeding government requirements. By never placing users directly on the network, zero trust can also prevent cybercriminals from taking one foothold and turning it into a complete domain compromise. 
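The difference in blast radius between the backhauled-VPN model and the per-application model described above, as an added example that is not from the original article. The application names, groups, posture attributes and sessions are constructed, and the check is a simplified stand-in for a real policy engine.

```python
from dataclasses import dataclass

# Constructed policy: application -> (groups allowed, MFA required)
POLICY = {
    "timesheet": ({"staff", "hr"}, False),
    "hr-portal": ({"hr"}, True),
    "finance-db": ({"finance"}, True),
    "domain-admin-console": ({"it-admins"}, True),
}

@dataclass(frozen=True)
class Session:
    user: str
    groups: frozenset
    device_managed: bool   # enrolled in agency device management
    device_patched: bool   # posture check passed
    mfa: bool
    source_ip: str         # recorded, but never used as a trust signal

def perimeter_reachable(on_vpn):
    """Network-centric model: a VPN session can route to every service."""
    return set(POLICY) if on_vpn else set()

def zero_trust_decide(session, app):
    """Default deny; identity and device are assessed for each application."""
    rule = POLICY.get(app)
    if rule is None:
        return False
    allowed_groups, needs_mfa = rule
    if not (session.device_managed and session.device_patched):
        return False
    if needs_mfa and not session.mfa:
        return False
    return bool(session.groups & allowed_groups)

def zero_trust_reachable(session):
    return {app for app in POLICY if zero_trust_decide(session, app)}

# Constructed sessions: a phished staff account on a healthy managed laptop,
# and the same credentials replayed from an unmanaged device.
PHISHED = Session("alice", frozenset({"staff"}), True, True, True, "10.0.0.5")
REPLAYED = Session("alice", frozenset({"staff"}), False, False, True, "10.0.0.5")

if __name__ == "__main__":
    print("perimeter:", sorted(perimeter_reachable(on_vpn=True)))
    print("zero trust, managed device:", sorted(zero_trust_reachable(PHISHED)))
    print("zero trust, unmanaged device:", sorted(zero_trust_reachable(REPLAYED)))
```

With the same stolen session, the perimeter model exposes all four services to the foothold, while the per-application check leaves only the one application the staff group is entitled to, and nothing at all from the unmanaged device.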

Fighting cybercrime with updated policy

As federal IT and cybersecurity leaders continue to modernize and secure their network architecture, there are many resources and emerging opportunities. TIC 3.0 has been a game changer that allows agencies to move away from the network-centric approach and realign their security posture to focus on securing users and data traffic in any location.

Agencies should follow the National Institute of Standards and Technology’s SP 800-207 guidance as they migrate and deploy zero trust across their enterprise environment. This guidance has opened the door for agencies to adopt modern security capabilities and hybrid cloud environments, allowing them to connect users with direct-to-cloud access, without backhauling traffic to the data center first.

By creating a least-privilege access model, federal cyber leaders can ensure the right person, device and service has access to the data needed, while protecting high-value assets. 
