Four Takeaways on Cyber

It’s a big, bad world. So what do agencies need to know that can help them improve cybersecurity? At the Symantec Symposium, these key ideas to improve security resonated with an audience concerned that they will be the target of the next attack.

1. Take a broader view.

“Identify and protect” used to represent a standard approach to cybersecurity, said Symantec Senior Vice President and Chief Information Officer Sheila Jordan. But it’s not effective any longer, she told the Symantec Symposium recently.

“Identify and protect is where we have historically been, and for a long time that served a great purpose. But now we need to move to…‘detect, recover, and resolve’ as fast as we possibly can,” Jordan said. “I want to detect, recover, and resolve an incident before a person even knows what happened.”

2. Build your insider threat program.

The insider threat is real, but the public sector has work to do, said Steve Smith, Insider Threat Program Coordinator at the U.S. Department of State.

“We’re nowhere near where we need to be,” said Smith.

Organizations that want to build an insider threat program should focus on what data they want to protect and then put the technology in place to keep it safe, said Government Acquisitions Chief Technology Officer Prem Jadhwani. That includes encrypting it and using two-factor authentication.

Institutions also need to understand which employees have access to the data that requires protection.

Not every data breach is the work of a malicious insider. Organizations have a harder time protecting data from well-meaning employees who unintentionally expose information or systems to risk. Well-meaning vendors can also slip and disclose data accidentally – 22 percent of data breaches last year resulted from employees accidentally making data public, while only 8 percent were the result of insider theft, according to Symantec’s 2015 Internet Security Threat Report.

3. Leverage Continuous Diagnostics and Mitigation (CDM).

Einstein is reeling, and agencies need help. Agencies are anxious for the Department of Homeland Security’s CDM program to reach all agencies. The program now covers about half of government networks, with the goal of having full coverage by the end of Fiscal Year 2016, said Andy Ozment, assistant secretary of the DHS Office of Cybersecurity and Communications.

That’s good news.

“We have seen some significant benefits from CDM,” said Rod Turk, Chief Information Security Officer, Department of Energy.

4. Don’t forget the data.

Data and analysis are crucial, and malware represents one of the most important pieces of information for law enforcement in a cyber investigation, Allison Tsiumis, section chief with the Federal Bureau of Investigation’s Cyber Division, said at the Symantec Government Symposium. Malware can reveal a lot of information, so law enforcement:

• Maintains a current inventory of known malware
• Tracks which malware each threat group uses to carry out attacks
• Reverse engineers malware once it’s identified and contained to see how it works and what it can do

Law enforcement must also understand the TTPs of cyber criminals – their tactics, techniques, and procedures – including:

• Who the hackers target
• When they launch an attack
• How they carry out attacks
• What method they use
• What data they target

Connecting all these dots can help law enforcement achieve their goal of identifying hackers and, perhaps, capturing the bad guys. Understanding the questions law enforcement attempts to answer in a cyber investigation can help Federal agencies improve cybersecurity going forward because the questions offer guidance on how to respond following an attack.

Analytics can help agencies look at the mountains of data coming in from various sources and correlate the data to detect anomalies. Analytics can help agencies combat insider threats and external attacks, including Advanced Persistent Threats (APTs), malware, and zero-day attacks.
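To make "correlate the data to detect anomalies" concrete, here is an added example (not code from the article, Symantec, or any of the agencies quoted) that joins two constructed event sources, an authentication log and a file-access log, and flags a user whose daily download volume departs sharply from their own baseline on a day that also saw an off-hours login. The log format, user names, business-hours window and the 5x threshold are all assumptions chosen for illustration.

```python
"""Added example: correlating two constructed log sources to surface an
insider-style anomaly. Not from the article; formats and thresholds are assumed."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample logs, one event per line: "timestamp,user,action,detail".
# For logins, detail is the source IP; for downloads, detail is bytes transferred.
AUTH_LOG = """\
2015-06-01T09:02:11,alice,login,10.0.0.5
2015-06-02T08:58:40,alice,login,10.0.0.5
2015-06-03T09:10:03,alice,login,10.0.0.5
2015-06-04T02:14:55,alice,login,10.0.0.5
2015-06-01T08:45:00,bob,login,10.0.0.9
2015-06-04T09:01:22,bob,login,10.0.0.9
"""

FILE_LOG = """\
2015-06-01T10:00:00,alice,download,1200000
2015-06-02T11:30:00,alice,download,900000
2015-06-03T15:12:00,alice,download,1500000
2015-06-04T02:20:00,alice,download,48000000
2015-06-01T09:00:00,bob,download,500000
2015-06-04T09:30:00,bob,download,600000
"""

BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 treated as normal (assumption)
VOLUME_FACTOR = 5              # flag a day at >= 5x the user's own median (assumption)


def parse(log):
    """Parse the constructed CSV-style log into (timestamp, user, action, detail) tuples."""
    rows = []
    for line in log.splitlines():
        ts, user, action, detail = line.split(",")
        rows.append((datetime.fromisoformat(ts), user, action, detail))
    return rows


def daily_bytes(file_rows):
    """Map (user, date) -> total bytes downloaded by that user on that day."""
    totals = defaultdict(int)
    for ts, user, action, detail in file_rows:
        if action == "download":
            totals[(user, ts.date())] += int(detail)
    return totals


def off_hours_logins(auth_rows):
    """Set of (user, date) pairs that had at least one login outside business hours."""
    return {(user, ts.date()) for ts, user, action, _ in auth_rows
            if action == "login" and ts.hour not in BUSINESS_HOURS}


def find_anomalies(auth_log, file_log):
    """Return [(user, day, reasons)] for days that deviate from the user's baseline.

    The baseline is the median of that user's earlier daily totals, so each
    user is compared against their own history rather than a global number.
    The off-hours login signal is attached only when it lands on a flagged day,
    which is the cross-source correlation step.
    """
    totals = daily_bytes(parse(file_log))
    offhours = off_hours_logins(parse(auth_log))
    per_user = defaultdict(dict)
    for (user, day), nbytes in totals.items():
        per_user[user][day] = nbytes

    findings = []
    for user, days in per_user.items():
        for day, nbytes in sorted(days.items()):
            baseline = [v for d, v in days.items() if d < day]
            if not baseline:          # first observed day: nothing to compare against
                continue
            reasons = []
            if nbytes >= VOLUME_FACTOR * median(baseline):
                reasons.append("volume")
            if (user, day) in offhours:
                reasons.append("off-hours-login")
            if reasons:
                findings.append((user, day.isoformat(), reasons))
    return findings


if __name__ == "__main__":
    for user, day, reasons in find_anomalies(AUTH_LOG, FILE_LOG):
        print(f"{day} {user}: {', '.join(reasons)}")
```

On the constructed data only one finding comes back: alice on 2015-06-04, for both volume and an off-hours login, while bob's modest day-to-day variation stays under the threshold. The per-user median baseline is the point of the exercise: a fixed global threshold would either miss a low-volume user's spike or drown analysts in alerts from users whose normal workload is large.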

“I see big data as a perfect solution to solve cyber problems,” Jadhwani said.

Learn more: read Symantec’s Internet Security Threat Report or see a list of all session podcasts.

And let us know how your agency tackles cybersecurity.

Feel like sharing something Noteworthy? Post a comment or email me at bglanz@300brand.com.

Bill Glanz is the content director for MeriTalk and its Exchange communities. In the past 14 years, he has worked as a business reporter, press secretary, and media relations director in Washington, D.C.