Cybersecurity threats for government

Issue 1 2022 Government and Parastatal (Industry)

Malicious cyber actors are often opportunistic, targeting the low-hanging fruit of networks with visible vulnerabilities and valuable assets. In the private sector, would-be attackers will often simply move on to an easier target if an organisation appears to have good security and cyber hygiene. But, because government agencies have data or other assets that malicious cyber actors want, they will often go to great lengths to get it.

Due to the sensitivity of the information government holds and the persistence of many of those who are targeting it, government organisations don’t have the luxury of operating subpar cybersecurity without putting citizens’ data and potential essential services at unacceptable levels of risk.

Malicious actors are also aware that government security teams are increasingly asked to ‘do more with less’ and that many agencies may face shrinking budgets and resources. National, provincial and local government agencies are also connected to a wide array of contractors and third-party partners that can be targeted to steal user credentials and gain access to government networks.

The nation state cyber actors who target government networks are typically well organised and sophisticated, but according to a recent report from FortiGuard Labs on the evolving threat landscape, cyber criminals are also becoming more organised and sophisticated. Advanced persistent threat (APT) activity can now come from nation-states, from proxy actors working on their behalf, or from criminal groups or syndicates. All of these threat actors look to exploit government organisations’ fragmented network perimeters, siloed networking and security teams, and ageing legacy digital infrastructure that was already stressed by the pivot to remote work and by broad technology changes such as 5G communications and edge computing.

It is critical for government agencies to have a full spectrum of security capabilities, but they should pay special attention to addressing these three key threats.

1. Continued growth in the digital attack surface

Malicious cyber actors are exploring and discovering new areas for exploitation as organisations adopt new technologies and operating patterns. As agencies continue to expand their network infrastructure to accommodate work-from-anywhere (WFA), remote learning and new cloud services, the remote environment provides ample opportunity for malicious actors to find a vulnerability and gain a foothold. Instead of targeting only the traditional core network of an organisation, threat actors are exploiting emerging edge and ‘anywhere’ environments across the extended network, including assets that may be deployed in multiple clouds with differing security policies and capabilities in each.

Government agencies should focus on implementing zero-trust principles and architectures as soon as possible. Zero trust network access (ZTNA) is critical for moving beyond the outmoded ‘moat and castle’ model of network defence or the relatively simple measures of multifactor authentication and VPN connections that many government organisations used to secure their networks during the rise of remote work.

Zero Trust needs to be applied at a more nuanced level – by application – since access should not be evaluated and granted on a ‘one and done’ basis when a user logs on. This affords better protection to the organisation’s data and supports a ‘work from anywhere’ operating posture where the new normal may include users, data and devices connecting in increasingly innovative and non-traditional patterns.
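The per-application evaluation described above can be illustrated with a small policy engine. This is an added example, not Fortinet or FortiGuard code; the application catalogue, the role names and the device posture signals are constructed assumptions.

```python
"""Per-application, per-request access evaluation (constructed example).

Access is judged each time against the identity, the device's current posture
and the sensitivity of the specific application, not once at logon.
"""
from dataclasses import dataclass

# Assumed application catalogue: minimum requirements per application.
APP_POLICY = {
    "intranet":   {"min_assurance": 1, "managed_device": False, "roles": set()},
    "hr-records": {"min_assurance": 2, "managed_device": True,  "roles": {"hr"}},
    "case-mgmt":  {"min_assurance": 2, "managed_device": True,  "roles": {"caseworker", "hr"}},
}

@dataclass
class Context:
    user: str
    roles: set
    mfa: bool             # second factor presented for this session
    managed_device: bool  # device enrolled in the agency's device management
    patched: bool         # device currently reports a compliant patch level

def assurance_level(ctx):
    """Derive an assurance level from identity and device signals (constructed scale)."""
    level = 1 if ctx.patched else 0
    if ctx.mfa:
        level += 1
    return level

def evaluate(ctx, app):
    """Return (allowed, reason) for one access request to one application."""
    policy = APP_POLICY.get(app)
    if policy is None:
        return False, "unknown application: default deny"
    if policy["roles"] and not (policy["roles"] & ctx.roles):
        return False, "role not entitled to application"
    if policy["managed_device"] and not ctx.managed_device:
        return False, "unmanaged device"
    if assurance_level(ctx) < policy["min_assurance"]:
        return False, "assurance level too low"
    return True, "allowed"

if __name__ == "__main__":
    # Same logged-on user: allowed into the intranet, denied HR records on a
    # personal laptop, and denied again when the device drifts out of compliance.
    alice = Context("alice", {"hr"}, mfa=True, managed_device=False, patched=True)
    print(evaluate(alice, "intranet"), evaluate(alice, "hr-records"))
    alice.managed_device, alice.patched = True, False
    print(evaluate(alice, "hr-records"))
```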

In addition, software-defined networking is becoming increasingly common and secure software-defined wide area networking (SD-WAN) is becoming increasingly important because of the organisational flexibility, cost savings and better user experience it offers. Secure SD-WAN can both offer organisations these benefits and provide powerful and dynamic capabilities for segmenting networks and access to data to restrict an intruder’s freedom of lateral movement and keep breaches restricted to a smaller portion of the network.

2. Increase in OT attacks

The General Services Administration has stated it wants to have smart energy technology deployed by 2025 in all of the 10 000 buildings it manages for the US Federal Government. The increasing popularity of green building technology and the rise of building automation (‘smart buildings’) is going to increase the need to secure operational technology (OT) in government organisations’ digital environment. The convergence of IT and OT networks has enabled some attacks to compromise IT networks through OT devices and systems in the office environment – and even through Internet-of-Things (IoT) devices deployed in remote users’ home networks.

Since networks are becoming increasingly interconnected, virtually any point of access can be targeted to attempt to gain entry to the IT network. Traditionally, attacks on OT systems were the domain of more specialised threat actors, but such capabilities are increasingly being included in attack kits available for purchase on the Dark Web, making them available to a much broader set of attackers and lowering the skill and expertise needed to launch such attacks. Many OT and IoT devices lack strong security and cannot be upgraded or patched, forcing organisations to be nimble and adopt methods such as virtual patching of such headless devices.

Given the sophisticated and often clandestine nature of the attacks directed against them, government agencies should consider the use of deception technology to help an organisation discover intruders and impede their movement. Using a layer of digital decoys and honeypots, deception technology helps conceal sensitive and critical assets behind a fabricated surface, which confuses and redirects attackers while revealing their presence on the network. Studies also suggest that an agency deploying deception technology doesn’t need to use it everywhere to reap the benefit – much as a home security sign both deters intrusion and changes how a would-be burglar proceeds if they do try to break in.
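The detection side of deception works because decoy hosts and honeytoken accounts have no legitimate use, so any interaction with them is a high-confidence signal. The following is an added example, not a vendor product or code from the article; the decoy inventory, log format and log lines are all constructed.

```python
"""Alert on any interaction with decoy assets (constructed example).

Two constructed log sources are parsed: firewall connection records and
domain-controller authentication records.
"""
import re
from collections import defaultdict

# Constructed decoy inventory. In practice this list is fed to the SIEM but
# kept out of any directory or asset register an intruder could read.
DECOY_HOSTS = {"10.20.5.250", "10.20.5.251"}              # honeypot 'file servers'
DECOY_ACCOUNTS = {"svc-backup-legacy", "finance-admin2"}  # honeytoken accounts

# Constructed sample logs; 10.20.7.14 probes two decoys and one honeytoken.
SAMPLE_LOGS = """\
Mar 03 09:12:01 fw01 conn src=10.20.7.14 dst=10.20.5.10 dport=445 action=allow
Mar 03 09:12:07 fw01 conn src=10.20.7.14 dst=10.20.5.250 dport=445 action=allow
Mar 03 09:12:09 fw01 conn src=10.20.7.14 dst=10.20.5.251 dport=22 action=allow
Mar 03 09:12:15 dc01 auth user=jsmith src=10.20.7.14 result=success
Mar 03 09:12:20 dc01 auth user=finance-admin2 src=10.20.7.14 result=failure
Mar 03 09:30:00 dc01 auth user=mlee src=10.20.9.3 result=success
"""

CONN_RE = re.compile(r"conn src=(\S+) dst=(\S+) dport=(\d+)")
AUTH_RE = re.compile(r"auth user=(\S+) src=(\S+) result=(\S+)")

def detect_decoy_touches(log_text):
    """Return {source_ip: [alert, ...]}; every decoy interaction is an alert."""
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m and m.group(2) in DECOY_HOSTS:
            alerts[m.group(1)].append(f"connection to decoy host {m.group(2)} port {m.group(3)}")
            continue
        m = AUTH_RE.search(line)
        if m and m.group(1) in DECOY_ACCOUNTS:
            # A failed logon still counts: nothing legitimate knows this account name.
            alerts[m.group(2)].append(f"logon attempt as honeytoken {m.group(1)} ({m.group(3)})")
    return dict(alerts)

def triage(alerts):
    """Order sources by number of decoys touched; several touches suggest scanning."""
    return sorted(alerts, key=lambda src: len(alerts[src]), reverse=True)

if __name__ == "__main__":
    found = detect_decoy_touches(SAMPLE_LOGS)
    for src in triage(found):
        print(src, found[src])
```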

3. Increased use of AI by malicious actors

The rise in deep fake technology should be of growing concern to both public and private sector organisations. It uses artificial intelligence (AI) to mimic human activities and can be used to enhance social engineering attacks. The bar to creating deep fakes is getting lower and it’s easy to find content generation tools on code repositories like GitHub that generate output good enough to fool even AI experts. Phishing continues to be a serious problem for government, with many employees continuing to work remotely and relying on email to conduct business. Expect malicious actors to steal not only a user’s identity and address book, but also the contents of their email inbox and outbox.

It is now possible to use such data to automatically generate phishing content that mirrors the writing style and syntax of a sender and tailors the content of each phishing email to topics they have already discussed with the target. Detecting phishing will no longer be a matter of looking for obvious indicators like bank scam subjects or awkward English usage.

Advanced technologies like endpoint detection and response (EDR) can help by identifying threats based on behaviour: either by running any executable content associated with an email in a virtualised sandbox and observing what it does, or by matching malicious characteristics fed to the EDR engine from other sources of cyber threat intelligence. The speed of attacks is increasing, and EDR coupled with actionable, integrated threat intelligence can help agencies defend against threats in real time.

Agencies should look to leverage the power of AI and machine learning (ML) as a force multiplier to speed threat prevention, detection and response. The sheer size and complexity of the digital attack surface is often considered one of the greatest challenges to effective network defence. AI-fuelled automation can turn that scale into a net advantage by making the network itself a unified collection platform that can sense potential malicious activity, assess its significance, respond at the point of attack and pre-emptively inoculate the rest of the network. Deployed pervasively across the network, these capabilities establish a baseline for normal behaviour so that deviations can be responded to and sophisticated threats disabled before they can execute their payloads.

The need for complete protection

Government agencies provide essential services and hold valuable data that citizens and partners rely on them to secure. Government networks are targeted both by persistent and sophisticated actors and by criminals looking for low-hanging fruit and easy gain. It’s critical for government networks to do the basics in terms of cybersecurity and vulnerability management, and also to embrace Zero Trust security principles and employ powerful and versatile tools such as EDR and deception technology.

Threat actors and their attack methods are getting faster and more sophisticated, but by pursuing an integrated and automated approach to visibility and control, governments can better secure their assets. The challenge is that the location of these assets, and of the users and devices that need them, keeps changing, and agencies must provide connectivity and security for on-premises computing, the data centre, the cloud and the edge.

Smart planning, doing the cybersecurity basics and leveraging the increasing convergence of networking and security are keys to ensuring that organisations can operate efficiently and securely.

The FortiGuard Labs report is available via the short link *fort2
