The accelerated digital transformation that public sector organizations have experienced over the last year has had a profound impact on the ability of these agencies to meet their mandates. Virtually delivering vital services to their constituents and supporting a dispersed workforce faced with work-from-home edicts are but two examples of the gains made in this unprecedented period of history.
Unfortunately, malicious actors also made significant gains. Advanced persistent threats and targeted attacks have reached new levels. These attacks threaten the mission, add risk to services and public safety, and stretch already lean institutional budgets to the brink.
No Shortage of Wake-Up Calls
You don't need to look far for real examples of this new reality:
- State and local governments are being targeted by ransomware gangs using multiple extortion tactics, including the threat to publish highly sensitive data.
- Ransomware gangs like DarkSide have extorted millions of dollars from victims, with recovery costing an average of US$1.85M in lost productivity, lost opportunity, and ransom paid.
- State-sponsored cyberattacks exploit zero-day vulnerabilities (previously unknown software flaws), like the Microsoft Exchange Server hack that affected nearly 30,000 organizations in early 2021. Many of these were small towns, cities, and local governments.
Public sector institutions—at federal, state, and local levels—are prime targets.
The criticality of public sector services and widespread dependency on their infrastructure create ideal conditions that ensure a willingness to pay cybercriminals. So much so that the Biden Administration's May 12th Executive Order on Improving the Nation's Cybersecurity cites "persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector" as the national security driver for its signing.
A Razor-Thin Margin for Error
In light of these constant reminders, public sector IT and cyber operations need to revisit long-standing incident response processes. We can no longer wait for an incident that escalates to a war room to drive collaboration between NetOps, SecOps, and now CloudOps teams.
The sophistication of advanced threats, supply chain attacks, and new attack vectors created by a ballooning attack surface means that every public sector organization must assume it will be compromised.
Once breached, time is of the essence to prevent catastrophic damage. Waiting on disconnected investigation teams and fragmented tools affords threat actors more opportunity to act without being detected.
It is time to break down traditional silos between IT functions and embrace NetSecOps.
Getting Started with NetSecOps
The time is now for truly collaborative NetSecOps across public sector organizations. As described in this new eBook:
"NetSecOps is the collaboration between the Network, Cybersecurity, and Cloud teams to reduce the friction that can delay a response to either a security incident or an application outage—which potentially risks the institutional mission or causes monetary damage."
The recent DarkSide attack detailed in this video by ExtraHop's Josh Snow further illustrates how advanced threats manifest as either security or performance issues. Only through closer collaboration between teams can these seemingly disparate signals be rapidly correlated, and only through shared network data can organizations experience increased responsiveness to deliver a fast and secure experience for citizens and staff alike.
Learn more by reading this new public sector edition of our eBook: Why the Time Is Right for Network and Security Collaboration.