How State and Local Governments Can Minimize Threats with Identity and Access Management

State and local government agencies across the nation have ramped up their digital transformation efforts in order to make a multitude of services and programs more accessible to their constituents. However, that increased online presence has also made them enticing targets for cybercriminals.

Cyberattacks on state, local, tribal and territorial governments have increased by 50 percent since 2017, according to a new study by the network security firm BlueVoyant. However, the study notes that figure is “almost certainly” low because agencies often work quietly with private security companies to keep news of attacks out of the public eye.

Furthermore, the study only covered the period between 2017 and December 2019, so it doesn’t include countless pandemic-driven attacks designed to exploit unprecedented numbers of remote government employees. For example, New York City officials report that they are now attempting to secure roughly 750,000 endpoints, compared to just 80,000 before the COVID-19 pandemic.

Many — perhaps most — remote government workers are conducting at least some business on their own smartphones, laptops and PCs. These unsecured endpoints can provide cybercriminals easy entrée into government networks and access to high-value data about elected officials, employees, taxpayers, contractors and more.

Who’s There?

One of the best ways to minimize threats to endpoint devices is with the Cisco Identity Services Engine (ISE), a next-generation identity and access control platform that makes devices prove they’re secure before they are allowed to connect to the network. It enables automatic enforcement of a range of network access policies based on user, device, location, role, application and other attributes.

Device profiling is a key feature of ISE. Using active probes and device sensors, ISE “listens” to the way devices connect to the network. It then compares that information against an extensive profile database to produce a granular description of devices that are attempting to access the network.

Other valuable ISE features include:

Threat containment. ISE analyzes telemetry data to develop real-time threat scores for every endpoint as it connects to the network. If a threat score rises based on unusual behavior, ISE can limit access or automatically remove the suspicious endpoint.

Network segmentation. With group-based policies, ISE limits authenticated users to specific segments of the network, specific applications and specific services. In the event of an attack, this feature significantly reduces damage by limiting an exploit’s lateral movement through the network.

Device compliance. ISE determines whether users are accessing the network on an authorized, policy-compliant device. It checks the device’s operating system version, system settings, endpoint protection software and other characteristics against defined policy. If the device is not compliant, ISE prompts the user to update the device for network access.

Secure guest access. Built-in Authentication, Authorization and Accounting protocols enable secure network access for guests such as visitors, contractors, consultants and customers. Administrators can create and edit guest and sponsor portals, configure guest access privileges by defining their guest type, and assign sponsor privileges for creating and managing guest accounts.

State and local government agencies are inviting targets for a variety of reasons. Not only are they sources of high-value data, but they often lack adequate security measures and support. Pandemic-triggered remote work requirements have created additional avenues for attack. Cisco ISE can minimize the risk of attack with improved levels of visibility, control and automation.
