Cyberattacks reveal the truth about network vulnerability

The ransomware attack on Colonial Pipeline Co., and similar recent attacks such as the SolarWinds supply-chain compromise (which affected several federal agencies), exposed major weaknesses in government cybersecurity practices and critical infrastructure systems, and prompted immediate action from the White House. If there is one lesson to draw from these breaches, it is that organizations of every size and industry must do everything they can to protect their infrastructure, environments, and networks. Organizations face threats to their environments every day, whether from employees' remote access to internal systems or from access granted to third-party vendors who perform outsourced business functions. There is no shortage of avenues for attackers to exploit, especially against large, exposed targets like government and critical infrastructure. That is why the new Executive Order (EO 14028, "Improving the Nation's Cybersecurity") is a change agent for the industry. Organizations tend to stick with what they know when it comes to security, which usually means old methods and legacy systems. The Executive Order pushes the federal government toward new approaches and sets an example for other organizations to re-evaluate their current strategies and systems. As attackers refine their methods, technology teams need to treat their security strategies differently, starting with external access permissions and privileges.

The third-party effect

Third-party relationships are nearly unavoidable in business, and that includes the operations of government institutions. Using vendors to run routine daily operations is common practice. It is also a risk. Within the last year, nearly half of organizations have experienced a cyberattack that originated with a third-party vendor. The effectiveness of using third parties as a path into internal networks keeps showing up in attacks on government and critical infrastructure. Increased connectivity, not only through third-party remote access points but also through a growing population of IoT devices, has multiplied the entry points an attacker can exploit in software and systems. With so many avenues of attack, how can vulnerable systems and infrastructures stay proactive against emerging threats? It is not enough to rely on outdated practices and hope for the best; the government's speed in releasing the Executive Order made that clear. The only way to really understand the threats posed by sophisticated attackers is to assess every point of exposure, including the holes punched in your organization's defenses by third parties who hold privileged access. Inventorying your third parties and the access each one holds, then managing and restricting those permissions, is the first step in taking back control of your remote access points. Knowing who your third parties are, what they are doing in your systems, and how much access they have is a powerful advantage when planning your defenses.

Engage all defenses

Attackers are up for a challenge. They are not deterred by Executive Orders, firewalls, or long passwords. They also prefer to work smarter, not harder, which is why compromising a third party's remote access connection is a goldmine: breach one vendor's remote connection and they may be able to reach dozens, hundreds, or thousands of networks, depending on the vendor and the customers it serves. The same logic makes government networks and critical infrastructure so appealing: a much bigger payoff for the effort. Compromising one of those systems lets an attacker do disproportionate damage with lasting, and for them profitable, results.

Visibility, audit, and control

One of the best ways to detect suspicious activity on your network is to actually see what is happening in your internal systems. Network visibility is essential to defending against external threats. A platform that monitors all remote access activity makes spotting unusual behavior more efficient and lets security teams trigger incident response plans more quickly.

Auditing and logging take visibility one step further. In the event of an incident, audit trails and logs of vendor activity tie network behavior back to a named individual, so accountability is already established and blame cannot land on the wrong party. This capability matters enough to protecting government systems that the President's Executive Order lists improved logging among its required steps. Knowing what is happening on your network, with documentation of third-party activity to back it up, helps you identify, analyze, and manage potential threats.

Zero Trust Network Access

The single most influential practice governments and organizations need to adopt is Zero Trust Network Access. A cybersecurity strategy without Zero Trust is like building a house without a blueprint: it is bound to fail. The Zero Trust model works from the principle that no user or device is trusted by default, regardless of whether it sits inside or outside the network perimeter; every access request must be authenticated and explicitly authorized before a connection to a specific resource is permitted. The Executive Order specifically directs federal agencies to adopt a Zero Trust architecture to reduce cyber risk and contain the damage when an incident does occur. In practice this means granular controls and permissions that restrict a third party's remote access to the one application it needs and nothing else. Vendor representatives get in, do their job, and get out, without wandering into other parts of the network.
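The controls described in the two sections above, as an added example that is not part of the original article: a small Python access broker that applies default-deny, per-person grants to a single application (the Zero Trust Network Access point) and records every decision in an audit log attributed to a named individual (the visibility and audit point). The vendors, people, applications, addresses and the scenario in demo() are all constructed for illustration; this is not any product's or agency's implementation.

```python
"""Added example, not from the original article: a minimal default-deny access
broker for third-party remote access with an audit trail. It shows the two
controls the text describes: each vendor representative is an individual
identity holding an explicit, time-bounded grant to one application and nothing
else, and every decision is logged so activity ties back to a named person.
All vendors, people, applications and the demo() scenario are constructed.
"""
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Grant:
    """One person, one application, bounded in time: no standing vendor-wide access."""
    person: str        # the individual, never a shared "vendor" account
    vendor: str        # the third party the person works for
    application: str   # the single application they may reach
    expires: datetime  # access lapses automatically


@dataclass
class AccessBroker:
    grants: Dict[Tuple[str, str], Grant] = field(default_factory=dict)
    audit_log: List[dict] = field(default_factory=list)

    def add_grant(self, grant: Grant) -> None:
        # Keyed by (person, application): a person may hold several grants,
        # but each one names exactly one application.
        self.grants[(grant.person, grant.application)] = grant

    def revoke_person(self, person: str) -> int:
        """Offboard a vendor rep: remove every grant they hold; return the count."""
        keys = [k for k in self.grants if k[0] == person]
        for k in keys:
            del self.grants[k]
        return len(keys)

    def request(self, person: str, vendor: str, application: str,
                now: datetime, source_ip: str) -> bool:
        """Evaluate one connection request. Anything not explicitly granted is denied."""
        grant = self.grants.get((person, application))
        if grant is None:
            reason = "no grant for this person and application"
        elif grant.vendor != vendor:
            reason = "grant belongs to a different vendor"
        elif now >= grant.expires:
            reason = "grant expired"
        else:
            reason = "ok"
        allowed = reason == "ok"
        # Log every decision, allowed or denied, against the individual identity.
        self.audit_log.append({
            "time": now.isoformat(), "person": person, "vendor": vendor,
            "application": application, "source_ip": source_ip,
            "allowed": allowed, "reason": reason,
        })
        return allowed

    def inventory(self) -> Dict[str, List[str]]:
        """Who from which vendor can reach what: the 'know your third parties' step."""
        out: Dict[str, List[str]] = {}
        for g in self.grants.values():
            out.setdefault(g.vendor, []).append(f"{g.person} -> {g.application}")
        return {v: sorted(e) for v, e in sorted(out.items())}

    def denials_by_person(self) -> Dict[str, int]:
        """Denied attempts per individual: the first thing to review after an incident."""
        return dict(Counter(e["person"] for e in self.audit_log if not e["allowed"]))


def demo() -> dict:
    """Constructed scenario: an HVAC vendor rep and a billing vendor rep."""
    t0 = datetime(2021, 6, 1, 9, 0, tzinfo=timezone.utc)
    broker = AccessBroker()
    broker.add_grant(Grant("a.rivera", "AcmeHVAC", "bms-console", t0 + timedelta(hours=4)))
    broker.add_grant(Grant("j.chen", "BillCo", "invoicing", t0 + timedelta(days=1)))
    ip_hvac, ip_bill = "203.0.113.10", "198.51.100.7"  # documentation-range addresses
    results = {
        # HVAC rep reaching the building-management console: allowed
        "hvac_ok": broker.request("a.rivera", "AcmeHVAC", "bms-console", t0 + timedelta(minutes=5), ip_hvac),
        # same rep trying to pivot to the invoicing system: denied, no grant
        "hvac_pivot": broker.request("a.rivera", "AcmeHVAC", "invoicing", t0 + timedelta(minutes=6), ip_hvac),
        # billing rep's identity presented under the wrong vendor: denied
        "wrong_vendor": broker.request("j.chen", "AcmeHVAC", "invoicing", t0 + timedelta(minutes=7), ip_bill),
        # HVAC rep returning after the grant lapsed: denied
        "hvac_expired": broker.request("a.rivera", "AcmeHVAC", "bms-console", t0 + timedelta(hours=5), ip_hvac),
    }
    results["revoked"] = broker.revoke_person("a.rivera")   # offboarding removes 1 grant
    results["inventory"] = broker.inventory()                # only BillCo remains
    results["denials"] = broker.denials_by_person()
    results["log_entries"] = len(broker.audit_log)
    return results


if __name__ == "__main__":
    print(demo())
```

Two design choices carry the point of the text. Identities are individuals rather than a shared vendor login, so each audit entry names a person and accountability is established before an incident, not reconstructed after one. And the grant is re-evaluated on every request instead of once at login, which is why the same representative who was allowed into the console at 09:05 is denied at 14:00 once the grant has lapsed, and why the attempt to pivot from the building-management console to the invoicing system is refused with no special rule for it: there is simply no grant.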

A time for change

Given that the Cybersecurity and Infrastructure Security Agency (CISA) focuses on securing networks against cybercrime, preventing and responding to cyberattacks, and protecting critical infrastructure, the administration's response to the Colonial Pipeline attack was a decisive step in the right direction. While the Order's mandates are directed at federal agencies and the suppliers that serve them, they set a standard that every organization's security program should follow. We hope the Executive Order serves as a wake-up call to organizations in every industry: change your cybersecurity strategy, for the good of your organization and the people you serve. This article originally ran on GovTech.