Adopt a Multi-Pronged Approach to Prevent Cyberattacks

Whether the work of sophisticated hackers or of agency employees clicking on seemingly innocent links, the number of cybersecurity incidents continues to rise throughout the federal government. According to a study by the Government Accountability Office (GAO), the number of information security incidents reported by federal agencies rose from 5,503 in FY 2006 to 67,168 in FY 2014, a 1,121 percent increase.

The consequences of this rising threat level are far-reaching, ranging from exposure of sensitive information and corruption of critical systems to damage to national security, not to mention significant expense.

There are many reasons why cybersecurity incidents continue to rise despite agencies’ efforts to detect and resolve them. One major factor is the growing creativity of attackers: as soon as one type of threat is detected and remediated, a newer, more sophisticated attack takes its place.

And despite deploying more powerful and sophisticated technology to fight these attacks, most agencies still rely on manual processes for parts of their incident handling. Nor are the information security technologies and processes they have in place always fully integrated with one another.

Detect and Respond

Improving cybersecurity requires attacking the problem on two fronts, detection and response. While there has been improvement in both areas throughout the government, such as greater use of two-factor authentication and continuous monitoring, there is plenty of room for further improvement.

According to the GAO report, most federal agencies do not fully document their incident response activities. While most agencies document them to some extent, such as identifying the scope of the incident, they often did not document the impact of the incident or the actions taken to prevent it from recurring.

A comprehensive incident response strategy requires the most effective security toolset possible. That means deploying not only tools such as log analysis, SIEM, intrusion detection, network analyzers, vulnerability scanners and Web proxies, but also functions such as analytics and visualization and intelligent packet capture and retrieval. With an integrated set of tools and functions, agencies are better able to understand how long the organization has been under attack, how the attacker entered the network, and the extent of the damage.
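The following is an added example and not code from the article or from any agency or vendor tool. It shows, in miniature, what the integrated approach above buys a responder: events from several tools (a Web proxy, an IDS and host authentication logs) that a SIEM has already normalized into a common shape are correlated on a shared indicator and walked in time order to answer the three questions the paragraph names, and the result is written into a record whose fields match the items the GAO report found agencies often leave undocumented (scope, impact, corrective actions). The event feed, the host names and the 198.51.100.23 address are constructed for illustration; the event format is assumed and is not any product's schema.

```python
"""Correlate normalized security-tool events into one incident record.

Added illustration, not from the original article or any agency tool. It
assumes a constructed event feed in which a web proxy, an IDS and host
authentication logs have already been normalized into dicts by a SIEM.
"""
from datetime import datetime

# Constructed sample events (not real data). "ioc" is the indicator shared by
# the proxy and IDS tools; the auth log records the hosts reached afterwards.
SAMPLE_EVENTS = [
    {"ts": "2015-03-02T08:14:00", "source": "proxy", "host": "ws-117",
     "ioc": "198.51.100.23", "detail": "GET /update.bin (uncategorized site)"},
    {"ts": "2015-03-02T08:15:30", "source": "ids", "host": "ws-117",
     "ioc": "198.51.100.23", "detail": "beacon pattern on tcp/443"},
    {"ts": "2015-03-03T22:41:10", "source": "auth", "host": "fs-02",
     "ioc": None, "detail": "logon from ws-117 using jdoe (outside service hours)"},
    {"ts": "2015-03-05T01:02:45", "source": "auth", "host": "db-01",
     "ioc": None, "detail": "logon from fs-02 using svc-backup"},
    {"ts": "2015-03-09T09:30:00", "source": "ids", "host": "ws-117",
     "ioc": "198.51.100.23", "detail": "beacon pattern on tcp/443"},
]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")


def lateral_source(event):
    """Return the originating host named in an auth event, or None."""
    marker = "logon from "
    if event["source"] != "auth" or marker not in event["detail"]:
        return None
    rest = event["detail"].split(marker, 1)[1]
    return rest.split()[0]


def build_incident(events, ioc, detected_at):
    """Correlate events tied to `ioc` plus the hosts reached from them.

    The returned fields map onto what GAO expects to see documented:
    scope (affected hosts), dwell time (first evidence to detection),
    entry point and vector (earliest event carrying the indicator),
    impact (hosts beyond the entry point) and corrective actions.
    Returns None when the indicator never appears in the feed.
    """
    ordered = sorted(events, key=lambda e: parse_ts(e["ts"]))
    entry = next((e for e in ordered if e["ioc"] == ioc), None)
    if entry is None:
        return None
    # Start from every host where the indicator itself was observed ...
    affected = {e["host"] for e in ordered if e["ioc"] == ioc}
    # ... then walk auth events in time order, adding any host reached from an
    # already-affected one (lateral movement). A single pass suffices because
    # the events are time-ordered, so a hop cannot precede the hop enabling it.
    for e in ordered:
        src = lateral_source(e)
        if src in affected and parse_ts(e["ts"]) >= parse_ts(entry["ts"]):
            affected.add(e["host"])
    first_seen = parse_ts(entry["ts"])
    dwell = parse_ts(detected_at) - first_seen
    return {
        "indicator": ioc,
        "entry_point": entry["host"],
        "entry_vector": f'{entry["source"]}: {entry["detail"]}',
        "first_seen": first_seen.isoformat(),
        "dwell_days": dwell.days,
        "scope": sorted(affected),
        "impact": sorted(affected - {entry["host"]}),
        # Left explicitly empty for the responder to fill in, so a missing
        # entry is visible in the record rather than silently absent.
        "corrective_actions": [],
    }


if __name__ == "__main__":
    rec = build_incident(SAMPLE_EVENTS, "198.51.100.23", "2015-03-09T09:30:00")
    for key, value in rec.items():
        print(f"{key}: {value}")
```

Run as a script, the record shows that the indicator was first seen on ws-117 via the proxy a week before the IDS alert that triggered the investigation, and that two further hosts were reached from it; the second auth event only counts because fs-02 had already been added in the same time-ordered pass, which is exactly the cross-tool visibility the paragraph argues for. The empty corrective_actions list is deliberate: the correlation can establish scope and impact, but the actions taken to prevent recurrence have to be recorded by the responder.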

While those types of tools are critical to effective incident response, they won’t do the job without an integrated, “big picture” approach that covers personnel as well as technology. On the technology side, automating as much of the process as possible and ensuring that all tools are fully integrated and visible to one another is crucial. On the personnel side, whether cybersecurity staff are internal or part of an outsourced service, they must be highly experienced and well trained.

By taking all these steps, a federally funded research and development center was able to thwart increasingly sophisticated cyberattacks. It uses technology that detects and stops advanced attacks on endpoints by dynamically analyzing traffic, blocking the attack’s communication and quarantining malicious files; it can also contain compromised systems and remediate them remotely. As a result, the organization has been better able to protect its systems and data.