In July alone, the Centre for Strategic & International Studies recorded seven cyberattacks backed by or targeting government agencies around the world. The Albanian government, for instance, fell victim to a hacking attempt that took down many of its websites. Meanwhile, the British army had its social media accounts hacked and taken over.
The issues governments struggle with are similar to, yet distinct from, those in the private sector. Similar threats exist, including ransomware attacks, social engineering and a lack of expertise with new tech. But where the public sector differs is in the scope of risk, as governments are much more prone to state-sponsored attacks, says Sascha Giese, Head Geek at network management firm SolarWinds.
For governments to defend against well-funded, resource-rich hacker groups, their cybersecurity strategies must be correspondingly comprehensive. In the face of such threats, Giese suggests that a unified-view IT platform and time may offer solutions for better cybersecurity in government.
Increasing IT complexity
Ironically, the increasing risk of cyber-threats stems from citizens themselves and their insatiable demand for more convenient digital services, Giese says. As governments continuously seek to upgrade these services to better cater to people’s needs, the divide between front- and back-end systems will only grow.
An individual may have a shiny new mobile application to interact with government public services, but supporting the application in the background may be a 30-year-old supercomputer. “That gear was created a long time ago, and it wasn’t meant to deal with the current threat landscape,” Giese explains.
Governments may be particularly hesitant to replace such IT systems, as they would have been an “insane investment” when they were first purchased. This is especially the case because government budgets come from taxes. “We don’t want our tax money to be wasted on some technology that’s of no use, so the cycle where new technology is being deployed could be a bit slower,” Giese says.
IT teams are then left with the challenge of trying to stitch the old and new together. “This is a recipe for disaster,” Giese says. “Securing communications between old and new, from everywhere, and all the time, is an extremely complex thing.”
Take things slowly
And IT environments are only getting more complex, a key concern raised by IT professionals, according to the latest IT Trends Report by SolarWinds. This can lead to gaps in an organisation’s security. “If we don’t understand our environments, our networks and our applications any longer, we have no chance to identify weak spots, risks or anomalies,” Giese explains.
While the problem may be complex, the solution needn’t be. Giese suggests that one simple way to help IT professionals boost the security of government IT infrastructure is to give them time.
Currently, many organisations involve only personnel directly relevant to the projects at hand. An agency looking to upgrade a network, for instance, may hire network experts. “But involving a security professional in the early days is a good way to mitigate potential problems right from the start,” Giese says.
Bringing in security professionals from the beginning gives them the time to research, study and understand the risks surrounding the new technology. This could mean spending a third of the day on forums discussing potential cyber-threats and another third on YouTube to understand how a specific technology works. “In the eyes of the organisation, this might be a waste of time because they’re not productive, but it’s really the opposite. Understanding the risks is the first step to preventing them,” Giese points out.
He also encourages government organisations to take their time with new technology and not rush to implement it. “The government’s budget is based on tax, so you have to be careful where you’re going to spend it. It doesn’t always need to be the latest and greatest,” he says.
Instead, governments can first observe how any new technology is working in the private sector. This way, when they’re looking to roll out something new, they’ll better understand the security risks, possible security measures needed, and how the technology can best benefit people.
There’s no 100% security, Giese says. “Instead of striving for perfection, it’s all about prevention and mitigation.”
To achieve this, organisations need to go back to the basics of having an inventory of all their assets and understanding the baseline performance of those assets. This allows them to quickly identify anomalies that may indicate a security threat.
But this is challenging for many IT teams today, as different departments within organisations often work in silos. Organisations build teams in isolation based on their respective areas of expertise, which can result in a lack of communication and visibility across different departments.
For instance, if a problem arises with an application, a security team may decide it’s a network problem and beyond its purview. Meanwhile, the network department may feel the same way and view it as a security issue. This game of “hot potato” only causes persistent security gaps, as departments are constantly waiting for someone else to take responsibility.
To tackle this, SolarWinds created its Hybrid Cloud Observability solution to provide a single source of information and truth for IT teams. “When all teams have access to the same data, it helps them work together,” Giese explains. A unified system breaks down cyber-walls across different departments, giving IT teams a view of an entire organisation’s IT environment and allowing them to pinpoint the root causes of problems easily.
For instance, if an application isn’t working as it should, SolarWinds Hybrid Cloud Observability can compare the time it takes for the network to transmit data versus how long it takes for the database to respond. This can give IT teams a solid understanding of where the problem originated, allowing them to respond more quickly to potential issues, Giese says.
Another primary concern that Hybrid Cloud Observability tackles is a phenomenon Giese calls “alert fatigue”, in which users are overwhelmed by a barrage of alerts across various devices and end up disregarding the important ones.
“We want to lower the number of useless alerts,” Giese says. This is where SolarWinds envisions integrating artificial intelligence capabilities into its platform as a possible solution. Besides merely detecting anomalies, AI can help determine potential causes of issues and send alerts only to relevant departments if action is required.
Although IT environments and security threats are becoming more complex, the solutions to these challenges often revolve around returning to the basic principles of time and understanding. Only when these cybersecurity foundations are strong will governments be able to withstand the ongoing barrage of cyber-threats.