Rawad Darwich, Regional Sales Manager, GCC, Network Solutions Sales (NSS) at Keysight Technologies, discussed, with tahawultech.com’s Deputy Editor Daniel Shepherd, the nature of security concerns facing regional governments.
Questions:
- What would you consider to be the top cybersecurity threats facing regional governments?
Advancements in technology are changing the way regional government entities engage with one another and the organizations and citizens that rely on them. With this transition comes a newfound dependence on network communication and security, enabling agencies to send, retrieve, store, and manage the data necessary for domestic and foreign affairs. Though new technology has made this more efficient, it also presents new threats and security vulnerabilities, compromising civilian and government data and opening the door to cyberwarfare.
Bad actors have resorted to tactics ranging from social engineering tactics and data breaches to more sophisticated APT attacks and ransomware. An IBM report revealed that the Middle East region incurred a new high of $6.93 million per data breach. Moreover, a recent industry report found that APT attacks saw the highest number of reports (among Middle Eastern countries) in the UAE, followed by Saudi Arabia. These attacks primarily targeted government agencies, followed by diplomatic institutions, education, and telecommunication institutions.
Ransomware’s success and profitability have dramatically increased the number of cyberattacks on government entities worldwide. The resources and assets that local governments control are often sensitive, critical to the functioning of society, and marked by security vulnerabilities.
A recent survey showed that ransomware, which emerged as the biggest regional cyberthreats, cost UAE organisations $517,961 in 2021.
- What makes these entities particularly vulnerable to cyberattacks? What might the long-term consequences of these regional threats be?
Modernization of government technology infrastructure has expanded the network perimeter and increased the attack surface for government entities. Potential entry points to a network include Internet of Things devices, Wi-Fi-enabled mobile devices, cloud applications, and remote offices.
Government agencies are under constant threat of cyberattacks. These cyberattacks have several consequences: financial loss, reputational damage, and compromised digital assets. The potential disruption of public services, exorbitant ransom, and loss or exposure of sensitive data are serious concerns for governments.
In addition, breaches can be high-profile events that undermine the confidence of citizens and business partners. To protect the expanded attack surface, security managers must understand the context of the traffic flowing within their networks and be prepared to act as soon as they have identified malicious or abnormal behaviour.
- How can governments stay on top of these threats and decrease security risks?
One of the crucial aspects of network security is preventing as many intrusions as possible by implementing a solid security architecture.
Inline security solutions are a high-impact strategy governments can use to combat security threats. These programs examine incoming data packets for known malware, ransomware, and other threats in real-time. These solutions can block up to 90% of incoming security threats before reaching the network.
However, governments need total visibility into all network components to complete this task.
Seeing only a portion of the data is insufficient as the tool can overlook invasions. Governments should deploy taps at crucial locations throughout their network and then aggregate and filter that material so that their security tools (IDS, DLP, SIEM, and so on) receive exactly the appropriate data at the right time point out any anomalies or suspicious actions. The tap and packet broker combination provides the visibility required to ensure that the organisation’s security tools are as successful as possible. Finally, the third line of defense is to validate the security architecture regularly. This entails deploying a breach and attack simulation (BAS) system to test defenses against real-world threats in a safe manner. Rather than reactively responding to cyber-attacks, proactive testing of cyber defenses is needed to reduce risk and minimise consequential losses.
- Could you explain to our readers how regional governments can strengthen their security infrastructures?
Responding to modern cyberthreats requires a solid security architecture with modern defenses.
The following fundamental mind shift must happen for government CISOs, ISSOs, and their teams: network visibility is network security. Security tools and technologies are only as good as the network data they receive for analysis. If governments cannot recognize the threat, then they cannot defend against it. If they cannot recognise the intrusion or breach, then they cannot stop it and mitigate the damage. And if they don’t know what systems were affected, they cannot be certain that they’ve recovered to a secure state. A best practice is to also integrate your security architecture with a network visibility (monitoring) architecture.
The foundation of strong network security is total network visibility. A visibility architecture allows cyber security agencies to collect and correlate network traffic across various locations, data renters, and the cloud into a unified visibility layer that can serve network and security tools supporting the LI data required. With this two-pronged approach, regional governments will be able to initiate a proper threat response and protect their mission-critical infrastructure.