While working in the public sector and private sector have many differences, one characteristic is similar: cybersecurity and threats. Both sectors feel the pain of not having a sufficient community of trained and available security staff to hire, both are constant targets of phishing and related social engineering attacks and both are trying to balance the three-pronged attacks of the pandemic, the relocation of employees to work-from-home status and increased risks from attacks on cloud assets.
The current pandemic is having a major impact on all levels of government. Aside from the financial impact the pandemic is having on the private sector, government IT professionals are facing the following challenges:
However, governments have other concerns as well. Government operations potentially can impact much larger groups of people than a corporate attack. Depending on the government entity targeted, the effect could impact critical infrastructure at all levels. The COVID-19 effect of draining critical financial resources to fund purchases of hardware and software for newly displaced employees, plus expenses for significant increases of cloud services and, in some cases, a forced digital transformation from on-premises data centre to cloud-based assets, is putting a strain on both financial and staffing resources.
From the citizenry perspective, the pandemic has opened the proverbial Pandora’s box of fake “official” websites devoted to COVID-19, misinformation from websites purporting to be the Centers for Disease Control and Prevention and other government and medical facilities that actually are watering holes for malware and ransomware attacks on hospitals delivered in emails purporting to be information about COVID-19.
A joint advisory group from US and UK security agencies was formed to protect the intelligence communities from becoming victims of attacks, particularly from advanced persistent threats from groups targeting individuals and organisations with malware. In March 2020, Infoblox observed a malicious spam (malspam) email campaign that used a fraudulent Coronavirus alert from the World Health Organization (WHO) to deliver Trickbot banking malware. We also observed a series of campaigns using COVID-19 or Coronavirus-themed spam emails to distribute the Agent Tesla information stealer (infostealer).
What can government agencies do to defend themselves against such attacks?
While public and private sectors have some differences when it comes to issues such as disclosure and confidentiality, the basis is the same. At the core is user education. Helping government employees understand good cybersecurity hygiene is essential. With the vast majority of office-based government employees working at home, agencies need to focus on the basics of identity management; implementing zero trust in order to protect networks from untrusted users, devices, applications and network connections; and ensuring that data is protected from unauthorised egress and access.
For those governmental agencies without existing threat intelligence capabilities, now would be a good time to invest in a comprehensive program that includes a mix of traditional data feeds, specialised feeds focusing on specific requirements for a given agency, an open source intelligence (OSINT) feed and greater emphasis on understanding the threat intel an agency already is generating from its existing SIEM systems and related log systems.
Government agencies also should take advantage of several emerging technologies to further enhance their existing security policies. For example, security orchestration, automation and response (SOAR) enhances the speed and reliability of existing operations. For cloud-based operations, a cloud access security broker (CASB) is on-premises or cloud-based security policy enforcement placed between cloud server consumers and providers. It interjects enterprise security policies as cloud-based assets are accessed.
Continuous management and monitoring add another dimension to protecting government networks. As a key target of bad actors and nation-state cyberattackers, continuous monitoring is essential; any lapse can let attackers have access to a system, even if just momentarily.
So, how can government agencies protect themselves and their employees from potential losses? Generally, the best practices for corporations apply to government agencies as well.
Cybersecurity guidelines for government organisations
By Wissam Saadeddine, Senior Manager – MENA at Infoblox