With continuous reliance on digital technology, the frequency and cost of security breaches and data misuse constantly rise. This, in turn, prompts companies to spend large amounts of money on developing and implementing security solutions. The cybersecurity market keeps growing and is expected to reach $101 billion in 2018, according to Gartner.
Governments are also big spenders in the market. The US government, for example, included $14 billion to spend on cyber security in its 2016 budget, more than any other participant in the industry.
However, a recent study by SecureScorecard found that US government institutions demonstrate the weakest results among 18 other industry verticals when it comes to cyber security and protection from government cyber attacks. Other available data seems to paint a similar picture. A study by the Government Business Council indicates a considerable drop in confidence in federal government cyber security. At the same time, a Government Accountability Office report found that the number of security incidents in federal agencies grew considerably (from 5500 in 2006 to more than 67000 in 2014) and will most likely keep growing, while reports from independent audit firms suggest that the number of federal agencies failing to adhere to security standards also keeps growing. The rest of the world demonstrates similar trends: while spending on security is relatively high, it is not very effective.
Major factors holding back effectiveness of government security
The fact that government cybersecurity strategies demonstrate limited effectiveness despite considerable spending can be explained by several major factors:
Constantly emerging new, more sophisticated threats. This is not something unique to the government sector, but rather a general cyber security problem. New threats and ways to attack emerge faster than security specialists and vendors know how to react to them. This is mostly caused by the constantly growing attack surface, with more and more companies, websites and connected devices out there, but also by the fact that it is easy to obtain the knowledge and resources required for such an attack.
Low security budgets. Despite seemingly large spending on security on the government scale, each state and local institution gets only a small portion of that money. It is usually not enough to employ a proper IT security solution capable of providing sufficient protection and reacting quickly to emerging threats.
Lack of security specialists. This factor stems from low budgets. With the demand for qualified personnel on the rise, government institutions simply cannot offer competitive rates compared to the commercial sector. A high amount of practical knowledge and experience is a must in this field, and is something that a lot of government security specialists are lacking.
Too many compliance regulations. Despite the lack of funds and qualified personnel, government institutions are still required to comply with a large number of security regulations. Such compliance then becomes the focus for an organization, leading to a policy-based approach to cyber security that brings its own set of problems.
Drawbacks of policy-based approach
A policy-based approach is fixated on checking the boxes, that is, making sure that certain compliance requirements are met. It does not require an organization to actually assess risks and fix existing security flaws. As a result of a policy-based approach, government institutions often suffer from:
Failure to update software on time. Most government institutions do not update when it is not required by regulations. Failure to keep software up to date leaves an organization with software that contains a large number of vulnerabilities. Often even government cyber security solutions can stay outdated.
Failure to fix existing security flaws. Most compliance regulations do not require government organizations to fix already existing security flaws and vulnerabilities. A computer security solution required to fix such flaws usually costs money that most organizations decide to save, leaving these vulnerabilities as is. Such actions put sensitive data at risk of being stolen.
Failure to properly accommodate insider threats. Most compliance regulations require some form of access management, but not every government organization employs a comprehensive user monitoring solution to control access to critical data. Insider threats are a complex issue, and a combination of an effective security policy and a user monitoring solution is needed for effective detection and prevention of such threats.
Government institutions and the danger of insider threats
While government network security and solutions to cyber terrorism are a major concern for US government cyber security, the case of Edward Snowden clearly showed that the biggest threat comes from within. And while most government organizations employ detailed background checks, this is hardly enough to prevent insider attacks.
Data leaks and data misuse can prove very costly. More importantly, the actions of a malicious actor are indistinguishable from the regular working routine of a loyal employee, which makes them very hard to detect.
While access control does help, a more holistic approach to insider threat prevention is required. Such an approach should include:
Formal security policy. Government staff need to be informed about the dangers of insider threats and best practices to prevent them. A formal policy that clearly prohibits dangerous actions, such as password sharing, using USB sticks at work, etc., needs to be created and effectively enforced. Employee awareness is the first step in improving the security posture of a government organization.
Access management solution. Access management is a basic precautionary measure that stops unauthorized personnel from accessing sensitive or restricted data. Employees should have clearly defined access privileges, and all access should be denied by default unless needed.
User actions monitoring. The only way to detect and reliably prevent insider threats is to be able to see and record every action a user takes while working with sensitive data. User action monitoring solutions are paramount to effective data misuse prevention.
Ekran System – user monitoring solution for government institutions
Most user monitoring solutions come with a large drawback that prevents government institutions from using them. They are too expensive, and with already tight budgets, not every agency or organization can afford one, especially for a small deployment.
However, Ekran System is an exception to the rule. It is a comprehensive user monitoring solution capable of recording every user session, regardless of the applications used, the network configuration, or the level of privilege that the user has.
It provides searchable indexed video recordings that are easy to analyze even without specific security tech skills and can help responsible personnel to quickly identify the source of malicious actions. It also includes a number of incident response tools, allowing security personnel to block malicious live sessions manually, or automatically block USB devices on connection.
One of the biggest advantages for government institutions is the flexible licensing scheme that Ekran System employs. This scheme allows costs to be adjusted flexibly according to the deployment size, making it effective for organizations of every size, and allows licenses to be easily transferred between endpoints for focused investigations.
This allows Ekran System to serve as an efficient and effective user monitoring solution for government institutions worldwide, providing insider threat detection and prevention capabilities and helping to save costs.