As government agencies continue to modernize their networks, traditional security perimeters are not always enough to stand up to persistent threats from phishing and malware attacks.
Government workers rely more than ever on cloud services, mobile devices and interagency connection points to collaborate on work and access valuable data. However, this results in a wider attack surface that requires a paradigm shift in how IT secures agency networks.
In a new podcast on FedScoop, cybersecurity and infrastructure expert Sean Berg explains that understanding user behavior goes a long way toward defending and monitoring what is happening on the network.
To be able to understand what activity is normal or not normal, an agency must first understand the context of an individual’s activity, says Berg, senior vice president and general manager, global governments and critical infrastructure with Forcepoint — the underwriter of this podcast.
Phishing and malware attacks are not going away, and malicious actors will always seek out ways to socially engineer access to accounts. Berg suggests that behavioral analysis tools will create a more robust security environment because this security posture brings people into the equation.
The goal would be for an agency to establish a baseline of how a user operates on the network and what data they access, then raise an alert if the user’s behavior changes significantly at any time. This concept is similar to how credit card companies look for anomalous behavior in client purchases.
“We need to block things that look really wrong and let go of things that look ok,” says Berg. “But there is this huge chasm in the middle, where if you don’t have the context you can’t understand what’s really going on.”
If agency leaders feel overwhelmed with the volume of threats and alerts, they are not alone. But they can take concrete steps to narrow the risks, beginning with assessing their overall IT environment to identify the most critical operating areas, suggests Berg. Only after this assessment should they “apply the behavioral models to that and connect those to their infrastructures.”
From a cybersecurity standpoint, this will yield better results against a cyberattack than a one-size-fits-all security approach where agencies categorically block certain things from happening.
Most important is that government agencies continue to focus on what is critical to the organization’s environment — people and data. Keeping this in the line of sight will make leaders much better equipped to understand and address cyberattacks.
This podcast was produced by FedScoop and underwritten by Forcepoint.