As we look ahead to another year, a few areas of interest stand out above the rest when it comes to government IT. The security and integrity of data – both at rest and in motion – will, without a doubt, be top of mind for federal IT leaders in 2017. In fact, Forrester predicted that President-elect Trump will face a major information security incident during his first 100 days in office. How can government IT leaders prepare for this? Below, we’ve put together a few tips to help agency CIOs and CISOs build a solid data security strategy for 2017 and beyond.
Think Big Picture
More often than not, federal agencies are responding to crises on the fly without a firm plan in place. Take the OPM breach of 2015, which was the cause of identity theft for 21 million government employees and contractors. At the time, there were no set plans in place for addressing cyber attacks of this magnitude. In the future, such large-scale attacks may be better managed with the right teams and strategic plans in place. According to Mike Dye, Chief Technology Officer for Civilian Agencies at NetApp, fewer than 20 percent of breaches are discovered within days, with most being discovered within 6 months of the incident. “One way that agencies can reduce the time to remediation is by thinking of the big picture and preparing for an attack or breach. By setting a goal or vision for information security and arranging priorities, resources, and people around that vision, agency IT leaders can be better prepared to respond.”
Once that vision is established, agency leaders need to decide how to put it into action. Because of the unpredictability of attacks – in technique, timing, and targets – comprehensive strategies need to be established and practiced on a regular basis. Dye’s guidance here is to create playbooks based on lessons learned from past incidents, or other agency experiences, that weave successful data defense, protection, and remediation strategies into all aspects of IT. As Mike says, “playbooks should be put in place so IT leaders are not responding in the midst of crises. Instead, they can take lessons learned from prior attacks and use past intelligence as a guide for incident response.”
Agencies should also be looking at what norms can be created this year and in the future around data security. Historically, the federal government has not been successful in defining which activities in cyberspace are acceptable and which cross the line into espionage. This ambiguity needs to change, and 2017 is when it must happen. Resolving it will help the federal government and individual agencies to triage attacks and remediation, analyze and apply lessons, and hold attackers accountable.
Choose Reliable Solutions
Agencies must have the right products, services, and support in place to ensure that they are providing best-in-class protection, mitigation, and forensic analysis. According to Tom Rascon, Chief Technology Officer, Department of Defense and Intelligence, US Public Sector, NetApp, “CIOs need to go beyond just traditional prevention tools and should focus on a platform that can extend monitoring and detection capabilities.” He continued, “by collecting data from a wide range of sources in real time and enabling unbounded searches and queries, they can gain insights and find hidden patterns quickly to identify malware, respond to incidents, and look for inconsistent behaviors.” NetApp offers a variety of data security features natively in its storage solutions. For example, ONTAP 9 includes role-based access controls, auditing, tracing and logging, and firewalls. Another way NetApp manages security threats is through its Product Security Response Team, which is responsible for end-to-end coordination and management of product vulnerability investigation and incident response. By using a methodical approach to incident management, the team manages public disclosure of vulnerabilities and also keeps software current.
Focus on Ransomware
In 2017, ransomware attacks by professional hackers are expected to increase, especially those targeting mobile devices. Because ransomware and those who launch these attacks leverage insider access, taking the time to review data access policies and privileged user status should be a priority action for every CIO and their team. Sheila FitzPatrick, Data Privacy Counsel and Chief Privacy Officer at NetApp, and David Gibson, VP of Strategy and Market Development at Varonis, discuss best practices for securing your agency from ransomware in greater detail in a recent webinar. You can view a recording of the presentation here.