COVID-19 Phase III — Amplifying the security imperative to emerge stronger and more resilient
This blog is co-authored by Miro Holecy, Government Industry Executive and IBM Distinguished Engineer, and Julian Meyrick, Managing Partner & Vice President, Security Strategy Risk & Compliance, IBM.
In many cases, government leaders surprised themselves with their ability to rapidly innovate. In the rush to launch new capabilities to meet increased demand, however, critical security and protection measures may have been deprioritized, overlooked, or ignored altogether. As a result, many government organizations have further increased their exposure to security threats. The trick now is to sustain the pace of innovation and build even more momentum, while simultaneously closing any security gaps.
Moving government services, communication, and personal interactions to digital has significantly increased potential attack surfaces, resulting in a dramatic surge in cybersecurity incidents, including the recent series of ransomware attacks and exposure of personal and sensitive citizen data. This risk has intensified even more as a result of organizations leveraging data and artificial intelligence (AI) to accelerate COVID-19 recovery plans across multiple levels of government. This required moving workloads to the cloud—along with their associated threats and vulnerabilities. In fact, research indicates upwards of 90% of cyber-related incidents originated in cloud environments in 2020.
In addition to increasing risk, cyber incidents also had significant financial impacts on governments. According to a recent report, public sector organizations are the 6th most frequently attacked among all industries, and the average cost per cybersecurity incident is nearly $2 million. Even more alarming, attacks on public sector organizations have the 2nd longest attack lifecycle, with the average organization taking 330 days to contain a breach once identified. While no single cause can be pointed to, a dearth of security experts with the right skills is a key gap and a likely contributing factor to the security woes of many public sector organizations.
Securing critical infrastructure with zero trust principles
The very nature of critical infrastructure implies a dynamic relationship between trust and risk. Understanding the amount of risk governments carry, and being able to quantify that risk in financial terms, provides a clear picture for implementing security in the most efficient and effective way possible. This is even more important when government operations move online, exposing both IT and operational technology (OT) networks to potential compromise. The May 2021 Colonial Pipeline ransomware attack led to fuel shortages across the East Coast of the United States. Reliance on IT and OT environments means mission-critical infrastructure is increasingly vulnerable to new threats. For example, GPS-enabled navigation systems that we take for granted are at risk of breakdown, which can negatively impact the deployment of emergency services vehicles, maritime navigation, and the operational safety of many services consumed by citizens every day.
With the number of risks and security events growing exponentially, government security operations teams are adopting the zero trust security approach. The IBM Institute for Business Value concluded that organizations with mature zero trust capabilities have reduced their security capital and operational expenditures and increased the effectiveness of their cybersecurity operations. This zero trust approach enables the protection of the IT and OT systems at the foundation of government services by adopting key zero trust principles:
- Protect citizens' private and sensitive data, with a focus on simplifying and securing user onboarding, managing user preferences and consents, and enforcing privacy regulation controls.
- Reduce the risk of insider threat by enforcing least privilege access, discovering risky user behavior, and embedding threat intelligence.
- Protect the hybrid cloud by managing and controlling all access, monitoring cloud activity and configurations, and securing cloud-native workloads.
- Secure the remote workforce by securing bring-your-own (BYO) and unmanaged devices, eliminating VPNs, and providing "passwordless" experiences.
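The second principle above, least privilege access combined with discovery of risky user behavior, can be expressed as detection logic run over access logs. The following is an added example, not code from the original post or from IBM: the log format, the role-to-resource map, the business-hours window and the bulk-read byte threshold are all constructed assumptions for illustration. It flags accesses a user's role does not permit (a least-privilege violation), accounts with no role assignment (deny by default), and two behavioural signals an analyst would want to review.

```python
"""Added example: least-privilege and risky-behaviour checks over access logs.

Not code from the original post or from IBM. The log format, role map,
hours window and byte threshold below are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime

# Constructed role model: each role may touch only these resource classes.
ROLE_ALLOWED = {
    "caseworker": {"benefits-db", "citizen-portal"},
    "it-admin": {"identity-svc", "patch-mgmt"},
    "analyst": {"reporting-warehouse"},
}

# Constructed user-to-role assignments ("dave" deliberately has none).
USER_ROLE = {"alice": "caseworker", "bob": "it-admin", "carol": "analyst"}

# Constructed log lines: timestamp, user, resource, action, bytes.
SAMPLE_LOG = """\
2021-06-01T09:12:03Z alice benefits-db READ 2048
2021-06-01T09:14:55Z alice citizen-portal READ 512
2021-06-01T23:41:10Z alice identity-svc READ 1024
2021-06-01T10:02:41Z bob patch-mgmt WRITE 4096
2021-06-01T02:15:00Z carol reporting-warehouse READ 950000000
2021-06-01T11:30:00Z dave benefits-db READ 256
"""

BUSINESS_HOURS = range(7, 20)      # 07:00-19:59 UTC, an assumed window
BULK_READ_BYTES = 500_000_000      # assumed per-event bulk-read threshold


def parse_log(text):
    """Parse the constructed whitespace-separated log format into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, resource, action, size = line.split()
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "resource": resource,
            "action": action,
            "bytes": int(size),
        })
    return records


def find_risky_events(records):
    """Return (user, reason, resource) findings.

    - unknown_user: no role assignment exists, so deny-by-default applies
    - out_of_role:  the user's role does not permit the resource (least privilege)
    - after_hours / bulk_read: behavioural signals worth analyst review
    """
    findings = []
    for r in records:
        role = USER_ROLE.get(r["user"])
        if role is None:
            findings.append((r["user"], "unknown_user", r["resource"]))
            continue
        if r["resource"] not in ROLE_ALLOWED[role]:
            findings.append((r["user"], "out_of_role", r["resource"]))
        if r["ts"].hour not in BUSINESS_HOURS:
            findings.append((r["user"], "after_hours", r["resource"]))
        if r["action"] == "READ" and r["bytes"] >= BULK_READ_BYTES:
            findings.append((r["user"], "bulk_read", r["resource"]))
    return findings


def summarize(findings):
    """Count findings per user so the noisiest accounts surface first."""
    counts = defaultdict(int)
    for user, _, _ in findings:
        counts[user] += 1
    return dict(sorted(counts.items(), key=lambda kv: -kv[1]))


if __name__ == "__main__":
    events = find_risky_events(parse_log(SAMPLE_LOG))
    for finding in events:
        print(finding)
    print(summarize(events))
```

On the constructed sample this yields five findings: alice's night-time read of identity-svc is both out of role and after hours, carol's large warehouse read is after hours and bulk, and dave is flagged because no role is assigned. The role map is the policy; the behavioural checks only add context for the analyst, which is the division of labour the zero trust principle describes.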
Cognitive roadmap to zero trust
Government organizations can't simply spend or hire their way to a healthy security posture. To close critical capability and skills gaps, several approaches and technologies are needed. As security technologies have evolved over the years, they have moved from simple perimeter controls built on static defenses to more advanced security intelligence capabilities that focus on real-time threat information and deviations from established patterns.
These new technologies have ushered us into the cognitive era of security. Cognitive security solutions can understand context, behavior, and meaning by analyzing both structured and unstructured data. Cognitive security looks to unlock a new partnership between security analysts and their technology. These solutions can interpret and organize information and offer explanations of what it means, while offering a rationale for conclusions. They also learn continuously as data accumulates and insights are derived from interaction.
These next-gen cognitive security solutions can enable government security teams to:
- Enhance the capabilities of junior security operations center (SOC) analysts by giving them access to best practices and insight that used to require years of experience.
- Improve the response speed by applying external intelligence from blogs and other sources in an effort to take action before threats materialize.
- Quickly identify threats and speed detection of risky user behavior, data exfiltration, and malware infections using advanced analysis methods.
- Gain greater context around security incidents through automation of local and external data gathering and reasoning.
Cognitive security solutions can be used in combination with automated, data-driven security technologies, techniques, and processes to help ensure the highest levels of context and accuracy.
Improving collaboration for better security
While traditional approaches to cybersecurity relied on permissions and discrete network boundaries, today's networks are defined by dynamic services and diffuse boundaries. Today's digital platforms generate value by virtue of being interconnected, by sharing information across multiple parties. One leading example is the LA Cyber Lab, a first-of-its-kind threat intelligence sharing platform, which allows city government officials, businesses, and private citizens to share cyber threat intelligence.
This collaborative approach to security helps governments increase their responsiveness while reducing complexity. Cognitive security technology helps to identify primary cyber weaknesses and vulnerabilities across government operations and government-controlled supply chains. Success requires a holistic approach and a deep understanding of the value that cognitive security solutions can provide.
Read my previous blog, "Phase III: The essential role of government in response to COVID-19."