In the 1999 film The Matrix, sinister machines take over human bodies to hunt down computer programmer Thomas Anderson and his crew. Cybercriminals today have employed a similar technique by stealing trusted credentials to disguise themselves as employees, then entering sensitive networks and systems.

Governments face an escalating arms race against cybercriminals today. The stakes are high, and there is “no room for error”, says Michael Porfirio, Senior Director of IT Transformation Solution Consulting at ServiceNow, Asia-Pacific Japan.

He discusses the challenges ahead for governments, and how AI and automation can help to prioritise cyber response.

The stakes are high

Governments face similar cybersecurity threats to the private sector, but “with a lot more at stake”, says Porfirio. One breach could expose millions of citizens’ personal data like identification numbers and credit card information – and leave citizens at risk of identity theft. Governments also lose citizens’ trust and credibility.

One of the biggest cyber threats facing governments is “state-sponsored attacks targeting critical infrastructure” such as transport, power grids, and water treatment plants, Porfirio says.

COVID-19 further complicates governments’ threat landscape, Porfirio says. The pandemic “forced the acceleration of many agencies’ digital transformation”. Cybercriminals are taking advantage of any gaps in security posture amid this rapid digitalisation.

The pandemic has also highlighted the “security deficit” in many agencies, he adds. This is an opportunity for security teams to “challenge any pre-conceived assumptions” and prepare their teams for unexpected security challenges.

Prioritise threats and automate response

Governments must be able to prioritise their cyber response to handle today’s complicated threat landscape, Porfirio says. Security incidents are “ever-increasing”, making it “mission-critical” for analysts to eliminate false positives and focus on protecting the crown jewels of the agency.

AI can help security teams get to the actual threats fast and proactively respond to vulnerabilities, he says. Machine learning can determine if the agency has responded to a similar phishing report in the past, for instance, and execute that same response to a current threat.

Automating mundane tasks, like assigning vulnerability levels to different threats, will also help agencies focus on responding to the most critical security incidents.

Porfirio advises agencies to look at the way teams are structured. IT, risk, and security teams are often siloed and work on different systems. He advises these teams to share information to coordinate an organisation-wide security response.

ServiceNow works with government security teams to enhance visibility into critical data, so they don’t miss cyber threats and can respond to vulnerabilities with agility. The Now Platform and solutions automate tasks like prioritising threats and providing context on the threat. When security incidents are resolved, a review is automatically created to help the organisation understand their security posture.

Overcome data residency requirements

“Digitisation must be balanced against the genuine concerns about protecting sensitive data from more sophisticated threats,” says Porfirio. Data residency requirements, or the need to host data within the country, may pose a challenge to governments looking to innovate, he adds.

That requires agencies to pay close attention to how their data is stored, and can limit innovations from using data in the cloud.

The Now Platform resolves this dilemma, as it has recently been made available on Microsoft Azure in Singapore. That allows Singapore’s agencies to keep at-rest data secure inside the country, and still have the flexibility to use the cloud to scale and innovate quickly.

Cyber threats are bound to continue increasing in scale and complexity. With the right tools and teams on their side, governments have the opportunity to emerge ahead in this arms race.