A recent article by SecurityWeek confirms reports that the U.S. state and federal government's cybersecurity standing is ranked 16th out of 18 industry sectors. Commenting on the report, Sam Kassoumeh, COO and co-founder at SecurityScorecard, said, "On an almost daily basis, the institutions that underpin the nation's election system, military, finances, emergency response, transportation, and many more, are under constant attack from nation-states, criminal organizations, and hacktivists. Government agencies provide mission-critical services that, until they are compromised, most people take for granted." It is very concerning that these critical public sector organizations are some of the most vulnerable to cybersecurity attack.
Istonish is proud to work with the Colorado Statewide Internet Portal Authority (SIPA) to provide Managed IT Services and Security Assessments to Government Entities and State Municipalities. Based on 21 NIST industry standards (grading for impact and urgency), Istonish has created an assessment that not only yields a “point in time” appraisal of the current security profile of the organization, but also a detailed and prioritized list of remediation recommendations.
Working frequently with these organizations, I have identified several cybersecurity trends and common vulnerabilities. My top 5 recommendations to improve public sector cybersecurity are outlined below.
- Make sure you have patching consistency
Patches are one of the most important cybersecurity tools and they should be used whenever a security vulnerability is discovered. I recommend performing quarterly security assessments to determine which systems have vulnerabilities. Your inventory of all production systems should include the following:
- OS type
- IP address
- Physical location
- Function
It’s also important to make sure that application and firmware versions are consistent. I always recommend performing a risk assessment on mission critical production systems, which will allow you to determine which systems need to be patched first. Based on this risk assessment you can put together a patching schedule.
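To make the inventory-then-prioritize step concrete, here is an added illustrative script (not Istonish's assessment tooling) that scores a constructed inventory by finding severity and mission criticality and turns it into a patching schedule; the host names, addresses, finding IDs, scoring formula and patch windows are all assumptions.

```python
# Added illustrative example (not Istonish's assessment code): a risk-based
# patching schedule built from a constructed production inventory.
from dataclasses import dataclass, field
from datetime import date, timedelta


@dataclass
class System:
    name: str
    os_type: str
    ip: str
    location: str
    function: str
    mission_critical: bool
    # Open findings as (identifier, CVSS base score); identifiers are placeholders.
    findings: list = field(default_factory=list)


# Assumed scoring: worst open CVSS score, doubled for mission-critical systems.
def risk_score(system):
    worst = max((score for _, score in system.findings), default=0.0)
    return worst * (2.0 if system.mission_critical else 1.0)


# Assumed patch windows by score; tune these to your own risk appetite.
def patch_deadline(score, assessed_on):
    if score >= 14.0:
        return assessed_on + timedelta(days=7)
    if score >= 7.0:
        return assessed_on + timedelta(days=30)
    return assessed_on + timedelta(days=90)  # next quarterly assessment cycle


def patch_schedule(inventory, assessed_on):
    """Return [(name, score, deadline)] with the riskiest systems first."""
    scored = [(s.name, risk_score(s), patch_deadline(risk_score(s), assessed_on))
              for s in inventory if s.findings]  # nothing to patch: no findings
    return sorted(scored, key=lambda row: (-row[1], row[2], row[0]))


# Constructed sample inventory (fictional hosts, addresses and finding IDs).
INVENTORY = [
    System("payroll-db", "Windows Server", "10.0.1.10", "City Hall", "Finance", True,
           [("FINDING-001", 9.8), ("FINDING-002", 5.3)]),
    System("kiosk-03", "Windows 10", "10.0.5.33", "Library", "Public kiosk", False,
           [("FINDING-003", 7.5)]),
    System("gis-web", "Ubuntu", "10.0.2.20", "Data center", "Public GIS portal", True,
           [("FINDING-004", 6.1)]),
    System("print-srv", "Ubuntu", "10.0.3.5", "Annex", "Print services", False, []),
]
ASSESSED_ON = date(2024, 1, 15)  # constructed assessment date

if __name__ == "__main__":
    for name, score, due in patch_schedule(INVENTORY, ASSESSED_ON):
        print(f"{name:12} risk={score:5.1f} patch by {due}")
```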
- Configuration is important!
Utilize a tool (such as CIS-CAT) to gather a benchmark configuration. Nessus by Tenable Security can also be used to determine any configuration changes that will make your system less vulnerable. Developing standard practices, procedures, and baseline builds will help ensure that configurations are consistent across all production systems. I suggest periodically auditing your procedure and the baseline builds that are being utilized in production.
- Don’t underestimate the importance of end-point security
All end user workstations should have endpoint protection installed, whenever possible. Do your research to determine the best endpoint protection tool for you. It is also recommended to utilize mobile security on company issued devices. Endpoint protection should be managed by a central server and alerts should be configured so that you are aware of any attempted compromise. Auditing all endpoint protection on a scheduled basis will help you determine whether or not you are in compliance with the latest versions and signature updates. Another best practice is to utilize disk encryption on any sensitive information on a device (such as financial, PHI, PCI, etc.).
- Make sure your employees have security awareness
Security awareness is an often overlooked, yet very important, component of company security. Awareness can range from basic fundamentals to more advanced concepts, depending on the level of risk at a company. Topics to discuss with employees could include (but are not limited to):
- Secure password creation
- Safe e-mail use
- Safe browsing habits
- Importance of backups
- Mobile device security
- Safe online shopping
- Using a hotel connection
- Last, but not least, make sure you have network security
Having a robust security fabric is important. This includes (but should not be limited to) the following:
- Next Generation Firewall
- Anti-Virus/Anti-Spam Mail Appliance
- Encrypted mail solution
- Endpoint management server
Configure analytics tools so that you are aware of any attempted compromise and configure your firewall to generate logs and store them on a remote server for auditing purposes. Best practice would be to store those logs for at least 12 months. This could require a considerable amount of storage.
The Istonish Security Assessment combines a multi-tool, virtual approach with a physical assessment of your information technology infrastructure environment. The output, along with the information gathered during our physical audit, is reviewed and analyzed by trained, certified security experts who distill thousands of pages of technical feedback into an easy to understand, comprehensive, and actionable report. This report is then reviewed with your team to ensure all findings, along with the corresponding criticality and remediation recommendations, are fully understood. Download our sample Security Assessment today!