Defending against cybersecurity threats has never been more difficult than it is today. Agencies have evolved from a preventative cybersecurity mindset to a principle of cybersecurity resilience. The concept of resilience itself can be complicated. It includes not only taking preventative actions against attackers, but also actively seeking out, responding to, and recovering from them as well. The urgency of this transformation is further compounded by organizations that are transitioning to cloud environments. Many agencies are facing ever-expanding attack surfaces with their rapidly advancing portfolios of new services in hybrid and multi-cloud environments.
Historically, cybersecurity was about keeping the attacker out of the network. Now, the strongest defenses are those that focus on assuming compromise and trusting nothing. In the cloud, this manifests as protecting micro-segments instead of whole network perimeters. It also means expanding strong authentication and access controls to services, infrastructure, APIs, and data. Further, organizations must reduce the time to respond and recover via implementing automation capabilities wherever possible. Increasing resilience in these areas often involves adapting cyber range exercises, hunting for active threats, performing ransomware assessments, and building, upskilling, and improving the performance of teams responsible for detection, prevention, and response.
“Every day, mission partners are working with agencies to build resilience within cloud environments of all types,” said Dr. Matthew McFadden, vice president for cybersecurity at GDIT. “The most successful partnerships involve deeply embedding security into the overall cloud strategy and, ultimately, driving resilience while at the same time streamlining management and enhancing visibility and scale.”
Choosing the right solution can greatly accelerate an agency’s ability to understand, manage, and remediate the risk that cyber threat actors pose to agencies’ critical cloud infrastructure and information assets. Below are four critical topics any agency should investigate when increasing cyber resilience.
Testing and preparedness in any environment
Understanding the attacker’s perspective has always been important for organizational security. In today’s hybrid and multi-cloud environments, it’s more important than ever. Just as with traditional on-prem environments, penetration testing proves incredibly valuable to overall vulnerability awareness and management in the cloud. These tests help enable defenders to see their cloud environments as an adversary would, and allows agencies to take actionable steps that can rapidly drive down cybersecurity risks in applications, hardware, networks, and even people.
Today, some mission partners offer incident response and preparedness services that can include 24x7x365 incident response support. In the event of an incident, having trusted experts on-call provides an added layer of protection and assurance that allows agency teams to focus on higher-level tasks like keeping critical agency functions operational.
Just as with incident response solutions, vendors are increasingly integrating cyber threat intelligence into their security offerings. The teams most likely to have the best results are those that allow agencies to examine, assess, and share intelligence about threats across departments or environments and apply that information to focus on threats most relevant to them. Whether it’s quick dissemination of indicators of compromise, the reverse engineering of ransomware or wiper variants, or strategic analysis of likely attackers, threat intelligence must be central to any agency’s effort to increase resilience.
Cyber range exercises for compromised cloud scenarios
Finally, the best mission partners have capabilities to guide their agency teams in simulated cloud breach exercises. These pressure-testing exercises require not only design-thinking expertise and experience, but seasoned cybersecurity professionals who can brief executive leaders in elements both technical and strategic. These types of exercises can help demonstrate the value of an integrated and well-orchestrated cloud incident response strategy, connecting the work to the mission and building more resilient organizations in the process.
The 2022 Cost of a Data Breach Report conducted by Ponemon Institute and sponsored and analyzed by IBM, shows that over 40% of organizations are in the early stages or have not yet started deploying security practices across their cloud environments. Choosing the experts that can speak to the attacker’s perspective, have incident response experience, and can provide threat intelligence can help make a difference in an agency’s cyber resiliency.
“Agencies are tasked with defending in the most hostile operating environment we’ve seen to date,” said John Hendley, head of strategy for IBM Security X-Force. “Moving to the cloud often makes sense for operations teams, but like any advancement, it comes with its own risks and challenges. Specialized, holistic, and mission-driven expertise is important to build resilient cloud environments across agencies of all types—and to help navigate the risks that come with this journey.”
This content is made possible by our sponsors GDIT and IBM; it is not written by and does not necessarily reflect the views of Nextgov's editorial staff.