State and local governments will be prime cyber targets in 2022: How to stay protected

Cybersecurity in 2021 was defined by a significant increase in high-profile attacks that affected all levels of government, from federal to state and local.

As recently as December 2021, cyberattacks on state and local government’s key networks continue to occur. The recent string of malicious and dangerous attacks demonstrates an active threat to the critical infrastructure of state and local governments.

Research from Comparitech showed that in 2020, 79 ransomware attacks were executed against U.S. government organizations, totaling an estimated $18.88 billion in downtime and recovery costs and illustrating the severe risks that state and local governments face when it comes to cyberattacks.

Progressing into 2022, it’s clear agencies must be prepared to proactively protect themselves against cyberattackers by using comprehensive security solutions capable of providing protection from endpoint devices to the cloud.

Isolated, on-premises tools are no longer enough to tackle ever-evolving cyberthreats. To truly ensure secure networks, agencies must practice good cyber hygiene while investing in integrated platforms and solutions that can secure data at all access points.

Securing overlooked gaps
Years ago, attackers would use techniques like brute force attacks to find small cracks in an organization’s security, then exploit that entry point to take the entire infrastructure. While attackers still use this method, there are myriad other discreet ways for cybercriminals to find their way in.

Compromised credentials continue to pose a risk—Lookout’s Government Threat Report found more than 70 percent of phishing attacks against government organizations sought to steal login credentials, a 67 percent increase from 2019. The same report found that in 2020, one in 15 federal, state and local employees were exposed to a phishing attempt.

To protect their networks, state and local governments should begin to implement integrated, endpoint-to-cloud security solutions that provide increased visibility on the network by proactively and automatically monitoring for threats.

With remote work likely to continue, considering historically overlooked mobile devices is essential. Apps on personal and work-related mobile and other network-connected Internet of Things (IoT) devices constantly communicate with different entities and systems. Often, the interactions are not monitored, amplifying already exposed security gaps. For example, many organizations use HR software to send employees’ personal and financial information to payroll systems. Once the apps are connected, organizations often do not continue monitoring for changes in behavior.

Additionally, apps commonly used to collaborate with colleagues such as Workday, Microsoft365 and Slack can all present security gaps that cybercriminals can exploit, as evidenced by major events like the 2020 SolarWinds hack, whether because agencies aren’t monitoring activities on these platforms, new zero-day vulnerabilities are discovered by malicious actors or because security patches haven’t been implemented.

Something as simple as sharing a document with a compromised machine or malicious individual can lead to an opening for cybercriminals to infiltrate the network. Once on the network, a bad actor can easily move laterally and undetected through the enterprise’s technology infrastructure.

Creating a secure network
To help safeguard these networks, cloud security solutions, such as Secure Access Service Edge (SASE), can provide the comprehensive coverage that is necessary for state and local governments to defend networks and IT assets moving into 2022.

SASE works to enforce security policies in a manner tailored to identity by contextualizing and continuously monitoring activity, changes and risk in the cloud and cloud-based apps. As a result, SASE secures access to an agency’s cloud network regardless of the device requesting access or the location of the employee or device.

Other cloud-based security solutions, such as Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), Data Protection, Enterprise Digital Rights Management (E-DRM), Exact Data Match (EDM), Secure Web Gateway (SWG) and Optical Character Recognition (OCR) can also help keep track of new workflows while accounting for the device or location.

When combined, SASE and its related solutions help mitigate phishing, malware and ransomware threats by providing one overarching solution that supports continuous verification through combined cloud security solutions.

The necessity of automation
A critical benefit of SASE and other cloud solutions is their ability to provide continuous monitoring to safeguard networks for clients with limited technology resources.

State and local governments are by nature smaller than well-funded federal agencies but are no less of a target for cybercriminals. To combat this issue, state and local governments must recognize the need for threat-hunting capabilities, also known as detection and response.

Manually searching for threats within a network can be tedious and lead individuals to miss well-hidden threats. Tools like User and Entity Behavior Analytics (UEBA) can help automate this process by monitoring users’ typical behavior and flagging deviations from routine patterns using machine learning and data analytics.

Organizations such as the U.S. Office of Management and Budget (OMB) are taking notice of the need for automated solutions and are working to address it by providing funding guidance designed to help agencies adopt threat-hunting capabilities.

State and local governments are also following the federal government’s lead when it comes to improving cybersecurity. According to a new survey from SolarWinds and Market Connections, out of 400 decisionmakers from federal, state and local and education sectors, 86 percent said they were likely to incorporate best practices and activities laid out in the Biden administration’s cybersecurity executive order.

Interest in zero trust solutions is also on the rise, with 78 percent of respondents claiming they are either implementing their strategies based on the cybersecurity paradigm or are modelling their approaches based on zero trust best practices, a 14 percent increase from 2019.

Among the top motivators for the shift among respondents were breach protection, data protection and reducing security threats from the endpoint and from IoT devices.

Agencies can look to new tools help blunt rising cyberattacks
In 2022 we’ll likely see continued cyberattacks against state and local governments. However, with this cadence of threats comes advancements in new and proactive cybersecurity solutions.

Teaching employees cybersecurity best practices alone is not enough to defend against malicious attacks as remote work continues to increase interconnectivity and heighten security gaps.

Leveraging best practices and implementing automatic monitoring solutions such as SASE and UEBA can help ensure network safety, address often-overlooked gaps such as mobile devices and secure everything from the endpoint to the cloud.

Tony D’Angelo leads the Americas public sector team at Lookout, bringing more than 30 years of experience in the IT industry. Prior to joining Lookout, D’Angelo held various sales leadership roles at Proofpoint, Polycom, Brocade and Nortel. Originally from New York, Tony received his Bachelor of Science in mechanical engineering from the University at Buffalo and has spent his entire professional career in Washington, D.C. Having joined Lookout in 2019 to lead the Americas commercial enterprise team, he now heads the combined federal-SLED business unit.