Steve Orrin, chief technology officer and senior principal engineer with Intel Federal, published his first article as a member of Executive Mosaic’s GovCon Expert program on Friday.
GovCon Expert Steve Orrin provides a look into the current cybersecurity space as it relates to artificial intelligence, machine learning and other emerging technologies influencing the federal sector.
In addition, Orrin discussed the recent statement from the Biden administration regarding the challenges of zero-trust implementation for federal agencies and his reaction to the current set of standards of the administration’s cybersecurity guidance in his first GovCon Expert feature.
You can read Steve Orrin’s full GovCon Expert article below:
President’s Warning on Cyberattacks, Part 1: How Enterprises Should Implement the Guidance
By GovCon Expert Steve Orrin
On March 21, 2022, President Biden issued a statement warning of imminent cyberattacks, backed by the Russian government, against the U.S. public and private sectors. The statement pointed to a White House fact sheet that offers guidance on how both enterprises and technology providers can prepare for such attacks.
While the guidance offers sound high-level advice for shoring up cybersecurity, it gives few practical details on how organizations can implement the safeguards. Part 1 of this two-part series describes strategies for implementing the eight recommendations for enterprises. Part 2 will explore best practices for the five recommendations for providers of hardware, software and IT services.
1. Implement multifactor authentication.
Multifactor authentication (MFA) is an essential part of cybersecurity today. Classic MFA combines two or more of: something you know (a password or PIN), something you are (a biometric) and something you have (a token or device). Modern MFA adds an out-of-band component to those traditional factors.
The out-of-band element can provide a higher level of security but, more importantly, an easier factor to deploy and manage: the user’s own smartphone or device. The simplest approach is a one-time code sent by SMS. A stronger method is a code or challenge-response step generated by an authenticator app, which does not depend on the phone network. These approaches leverage the devices users already carry, giving a better user experience and, in many cases, a more scalable MFA rollout. Know their limits, though: SMS codes can be intercepted through SIM swapping, and any code a user types can be relayed by a real-time phishing page. Where the risk warrants it, use phishing-resistant authenticators such as FIDO2/WebAuthn security keys or PIV smart cards, which OMB memorandum M-22-09 already requires federal agencies to adopt.
MFA ensures that a password is never the only barrier to your systems, applications and networks. A guessed, stuffed or phished password alone no longer grants access, and malware already on a system cannot simply reuse stolen passwords over existing authentication channels.
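What an authenticator app actually computes is worth seeing, because it explains both why the codes are stronger than SMS (no network delivery to intercept) and why they are still phishable (the code carries no notion of which site it is being typed into). The following is an added example, not code from the article or from Intel: a self-contained implementation of the HOTP (RFC 4226) and TOTP (RFC 6238) algorithms that most authenticator apps use, with the server-side checks a practitioner should insist on: a small drift window, constant-time comparison, and replay rejection. The shared secret is the test secret from RFC 6238 so the output can be checked against the published vectors; a real enrollment generates a random secret per user.

```python
"""RFC 4226 HOTP / RFC 6238 TOTP with server-side verification.

Added example, not from the original article. RFC_TEST_SECRET is the
published RFC test secret, used only so results match the RFC vectors.
"""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

RFC_TEST_SECRET = b"12345678901234567890"  # RFC 4226/6238 test secret, not a real key


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """Time-based variant: the counter is the number of `step`-second periods since the epoch."""
    return hotp(secret, at // step, digits)


def verify_totp(secret, code, at, step=30, digits=6, window=1, last_used=None):
    """Server-side check. Returns the accepted counter, or None on failure.

    Accepts codes from `window` steps either side of now to absorb clock drift,
    compares in constant time, and refuses any counter <= last_used so a code
    captured from the user cannot be replayed within its validity period.
    """
    now = at // step
    for delta in range(-window, window + 1):
        counter = now + delta
        if last_used is not None and counter <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


def enrollment_uri(secret: bytes, account: str, issuer: str) -> str:
    """otpauth:// URI that authenticator apps read from a QR code at enrollment."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}&digits=6&period=30"


if __name__ == "__main__":
    now = int(time.time())
    print("current code:", totp(RFC_TEST_SECRET, now))
    print(enrollment_uri(RFC_TEST_SECRET, "alice@example.gov", "ExampleAgency"))
```

Note what verify_totp cannot do: a code relayed by an attacker-in-the-middle within its 30-second window verifies exactly like one typed on the genuine site. That gap is what origin-bound authenticators (FIDO2/WebAuthn) close, and why the article’s advice to go beyond SMS should, for high-value accounts, go beyond app codes as well.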
2. Deploy tools to continuously identify threats.
The days of relying on antivirus as the only security mechanism are long past. Yet many organizations still lack modern technologies for detecting threats in real time.
Every organization requires active and continuous threat detection. Threat-detection tools look for anomalous digital activity and correlate it across devices and networks. They can identify both known threats and potential threats based on suspicious behavior.
You should apply threat detection at both the enterprise and endpoint-device level. Every available sensor should be activated, and both IT staff and automated tools should continuously monitor them.
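The phrase "correlate it across devices and networks" is the part that separates modern detection from a per-host antivirus alert. The following is an added example, not from the article or any product: a small correlation rule run over constructed sshd log lines in a syslog-like format. It flags a source address that fails logins on several hosts and then succeeds anywhere, the footprint of credential stuffing or password spraying that finally landed. Viewed host by host, each of those hosts saw only one or two failures and nothing alarming; the alert only appears once the events are joined on the source IP.

```python
"""Cross-host correlation of authentication events.

Added example, not from the original article. SAMPLE_LOG is constructed:
three sources, only one of which shows the fail-on-many-hosts-then-succeed pattern.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2022-03-22T09:00:01 web01 sshd[4011]: Failed password for admin from 10.0.0.5 port 51000 ssh2
2022-03-22T09:00:04 web01 sshd[4012]: Failed password for invalid user oracle from 10.0.0.5 port 51001 ssh2
2022-03-22T09:00:09 db01 sshd[2210]: Failed password for admin from 10.0.0.5 port 51002 ssh2
2022-03-22T09:00:15 app02 sshd[7730]: Failed password for svc_backup from 10.0.0.5 port 51003 ssh2
2022-03-22T09:00:31 db01 sshd[2215]: Accepted password for svc_backup from 10.0.0.5 port 51004 ssh2
2022-03-22T09:02:10 web01 sshd[4020]: Failed password for jdoe from 10.0.0.9 port 60212 ssh2
2022-03-22T09:02:18 web01 sshd[4021]: Accepted password for jdoe from 10.0.0.9 port 60212 ssh2
2022-03-22T09:05:00 web01 sshd[4030]: Failed password for root from 203.0.113.7 port 40000 ssh2
2022-03-22T09:05:02 web01 sshd[4031]: Failed password for root from 203.0.113.7 port 40001 ssh2
2022-03-22T09:05:04 web01 sshd[4032]: Failed password for root from 203.0.113.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


@dataclass
class AuthEvent:
    ts: datetime
    host: str
    result: str  # "Accepted" or "Failed"
    user: str
    ip: str


def parse_auth_log(text: str) -> list[AuthEvent]:
    """Parse sshd password-auth records; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(AuthEvent(datetime.fromisoformat(m["ts"]), m["host"],
                                    m["result"], m["user"], m["ip"]))
    return events


def correlate(events, window=timedelta(minutes=10), min_failures=3, min_hosts=2):
    """Alert when one source IP fails >= min_failures times across >= min_hosts
    distinct hosts inside `window` and then has a successful login anywhere."""
    by_ip: dict[str, list[AuthEvent]] = defaultdict(list)
    for ev in events:
        by_ip[ev.ip].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e.ts)
        for i, ev in enumerate(evs):
            if ev.result != "Accepted":
                continue
            prior = [e for e in evs[:i] if e.result == "Failed" and ev.ts - e.ts <= window]
            hosts = sorted({e.host for e in prior})
            if len(prior) >= min_failures and len(hosts) >= min_hosts:
                alerts.append({
                    "ip": ip, "user": ev.user, "host": ev.host, "when": ev.ts.isoformat(),
                    "failures": len(prior), "hosts_probed": hosts,
                    "users_tried": sorted({e.user for e in prior}),
                })
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_auth_log(SAMPLE_LOG)):
        print("ALERT", alert)
```

Run against the sample, only 10.0.0.5 is reported: it probed web01, db01 and app02 and then got in as svc_backup on db01. The typo-then-success from 10.0.0.9 and the single-host root hammering from 203.0.113.7 stay quiet under this rule (the latter deserves its own brute-force rule). Thresholds and window are the tuning knobs; in production they are set per environment and fed by every sensor the article says to turn on.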
3. Patch against known vulnerabilities.
Patching software isn’t the most exciting part of cybersecurity, but it’s among the most powerful. Effective patching helps you stay ahead of vulnerabilities and attacks.
In many organizations, the window of exposure from the time a vulnerability is disclosed until the software is updated is far too long. That gives attackers too much opportunity to infiltrate your systems.
The solution is to automate the rollout and testing of patches, and to prioritize by real-world exploitation rather than by CVSS score alone (CISA’s Known Exploited Vulnerabilities catalog is a good starting point). That goes a long way toward closing the window between disclosure and mitigation.
4. Back up data and store backups offline.
Many recent high-profile cyberattacks have involved ransomware, which encrypts and in some cases destroys your data. The reliable way to recover is to rebuild affected systems from bare metal and then restore your data from backups to a known good state.
To make backup and recovery effective, you need continuous backup and data synchronization. You also need to keep copies offline or otherwise immutable, so that attackers, or malware already on your systems, cannot reach and encrypt them along with everything else. Finally, you need documented and regularly tested procedures for restoring data from those backups; a backup that has never been restored is an assumption, not a safeguard.
5. Conduct incident-response drills.
Many organizations have detailed plans for responding to a data breach. But then when a breach actually occurs, no one seems to know what to do.
The problem is that they never practiced. Just as K-12 schools conduct fire drills, enterprises need to run data-breach drills for IT teams, legal teams, PR teams, executives and users. Every stakeholder needs to know who’s in charge, who’s responsible for which actions, the order in which actions should occur, and so on.
Step through the entire process as if it’s a real event. Then document what worked and what didn’t, update your response plan accordingly, and run the drill again. The effort will pay off when a breach actually occurs.
6. Encrypt data throughout its lifecycle.
Many organizations recognize the value of data encryption. Often overlooked is the importance of encrypting data throughout its lifecycle, from creation to destruction. That means encrypting data at rest on storage devices, in transit on your networks, and in use, in memory on your servers.
If your data is encrypted at every phase, even malicious actors who break into your systems won’t be able to read it, provided the keys are managed separately from the data they protect. This data-centric approach to security focuses on protecting the data itself, rather than on safeguarding the equipment on which the data happens to reside.
Similarly, don’t neglect data retention strategy. Regulated organizations understand the need to retain data to remain in compliance. But they also should consider how they’ll discard data they no longer need. Discarding unneeded data reduces your attack surface and lowers your cyber risk.
7. Educate employees about cyberattacks.
Many high-profile data breaches of the past several years began with a user getting phished. Once credentials are compromised, attackers can get inside your perimeter and move laterally through your network.
So, users are your first line of defense. Educate employees on cybersecurity fundamentals. They should know how to recognize when they’re being phished, not to share passwords, not to click on suspicious links or attachments, not to use USB drives of unknown provenance, and other security basics. Many free training materials, including videos and gamified modules, are available to help.
8. Engage with the FBI and Cybersecurity and Infrastructure Security Agency (CISA).
Every IT, cybersecurity and incident-response team should know who their local FBI contact is and how to reach the regional CISA office. This information is available on the two organizations’ websites. IT leaders should establish relationships with these people before a breach takes place. That will facilitate post-attack actions.
When a breach happens, immediately bring in the FBI and CISA. Get their help in figuring out what occurred or is still occurring. They see these situations regularly, so take full advantage of their knowledge and experience.
Hackers backed by adversarial governments might or might not attack your organization. But if they don’t, some other malicious actor will. Taking these eight practical steps now will go a long way in protecting you from breaches and optimizing your recovery if a breach occurs.
About GovCon Expert Steve Orrin
Steve Orrin is Intel’s Federal CTO and a Senior Principal Engineer. He leads Public Sector Solution Architecture, Strategy, and Technology Engagements and has held technology leadership positions at Intel where he has led cybersecurity programs, products, and strategy.
Steve was previously CSO for Sarvega, CTO of Sanctum, CTO and co-founder of LockStar, and CTO at SynData Technologies. Steve is a recognized expert and frequent lecturer on enterprise security.
He was named one of InfoWorld’s Top 25 CTOs, received Executive Mosaic’s Top CTO Executives Award, was the Vice-Chair of the NSTIC/IDESG Security Committee and was a Guest Researcher at NIST’s National Cybersecurity Center of Excellence (NCCoE).
He is a fellow at the Center for Advanced Defense Studies and the vice-chair of the INSA Cyber Committee.