Government agencies are among the most popular targets for cyber attacks. According to a 2019 Senate report, cyber attacks on government agencies have increased by more than 1,300 percent over the past 15 years, with a high-water mark of 35,277 incidents in 2017. Another recent study finds that nearly 70 percent of all ransomware attacks in the U.S. last year targeted government entities.
To combat the threat, public-sector agencies need security tools that provide increased visibility into their distributed networks, along with the mechanisms for detecting, containing, and remediating threats. That’s why many are implementing advanced solutions featuring continuous malware monitoring.
Valuable Data, Archaic Security
High-value data is a main reason agencies are targeted. In addition to data about the people they employ and serve, agencies store a great deal of sensitive information about the many businesses that do contract work for the government.
A dependence on antiquated technology makes many public-sector organizations easy marks. For example, many key government benefits applications were written in COBOL, an Eisenhower-era programming language. These legacy apps often predate the Internet and lack any appreciable security features. What’s more, they are dependent on legacy hardware, operating systems, and database structures that introduce even more vulnerabilities.
Analysts warn that these systems are particularly vulnerable to attacks designed to remain active but unnoticed for long periods of time. Advanced persistent threats (APTs) and network resident threats (NRTs) both feature stealthy malware that remains undetected for weeks or months, moving laterally throughout the network to harvest credentials and sensitive data. Eventually, this data is exfiltrated to a command-and-control server.
APTs and NRTs are often difficult to identify initially because they are concealed inside another file that seems legitimate. Using techniques such as steganography, criminals can hide executable files inside a seemingly harmless document, text message, video, or image. It could be days, weeks, or months before the malicious payload is eventually launched.
Conventional malware monitoring solutions provide limited protection from APTs and NRTs. Those tools were built for preventive measures, blocking known malware as it tries to enter the network. If a new or disguised piece of malware gets into the network, basic monitoring tools offer little to no visibility.
Always On Guard
Solutions such as Cisco Advanced Malware Protection (AMP) not only create a stronger first line of defense, they also use continuous monitoring and analysis to keep tabs on potential problems over time. Rather than blocking only known malware, Cisco AMP uses sophisticated detection engines, one-to-one signature matching, and machine learning techniques to catch known and unknown malware before it enters the network. It then continues to watch, analyze, and record the activities of files that are initially deemed safe.
Continuous monitoring ensures that APTs and NRTs remain under surveillance. If malicious behavior is spotted later, AMP generates an alert through its browser-based management console. The alert contains a dynamic analysis of the threat and a complete ancestry of file activity that describes where the file came from, where it has been, and what it is doing. The threat can then be contained and neutralized with just a few mouse clicks.
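The retrospective alerting described above rests on one idea: keep recording what a file does after it was first judged clean, so that when the verdict later flips, the alert can carry the file's full ancestry and everything it touched. The toy model below, written for this page as an added example and not Cisco AMP's code or API, shows that mechanism end to end. The event fields, the `TrajectoryStore` class, and the hashes (`DOC-aaaa` and friends) are constructed placeholders, not real indicators.

```python
"""Toy retrospective-detection model (added example, not vendor code).

Events are recorded as they happen with whatever verdict is available at the
time. Verdicts stay mutable; when one flips to malicious, the alert carries
the file's ancestry (what dropped it), its descendants (what it dropped), the
hosts it was seen on, and a merged timeline for containment.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class FileEvent:
    ts: int                               # constructed monotonic timestamp
    host: str
    sha256: str                           # placeholder hash, not a real IoC
    action: str                           # downloaded / executed / dropped / copied
    parent_sha256: Optional[str] = None   # file that created or launched this one
    origin: Optional[str] = None          # e.g. "email:attachment"


@dataclass
class Alert:
    sha256: str
    old_verdict: str
    new_verdict: str
    ancestry: List[str]       # root origin first, the alerted file last
    hosts_seen: List[str]
    descendants: List[str]    # files this one dropped, directly or indirectly
    timeline: List[FileEvent]


class TrajectoryStore:
    def __init__(self) -> None:
        self.events: List[FileEvent] = []
        self.verdicts: Dict[str, str] = {}
        self.parent: Dict[str, str] = {}
        self.children: Dict[str, Set[str]] = {}

    def record(self, ev: FileEvent, verdict: str = "unknown") -> None:
        """Store the event; keep the first verdict seen unless changed later."""
        self.events.append(ev)
        self.verdicts.setdefault(ev.sha256, verdict)
        if ev.parent_sha256:
            self.parent.setdefault(ev.sha256, ev.parent_sha256)
            self.children.setdefault(ev.parent_sha256, set()).add(ev.sha256)

    def ancestry(self, sha: str) -> List[str]:
        """Walk parent links to the root; guard against cycles in bad data."""
        chain, seen = [sha], {sha}
        while chain[-1] in self.parent and self.parent[chain[-1]] not in seen:
            chain.append(self.parent[chain[-1]])
            seen.add(chain[-1])
        chain.reverse()
        return chain

    def descendants(self, sha: str) -> List[str]:
        """Everything the file dropped or launched, transitively."""
        out, stack, seen = [], [sha], {sha}
        while stack:
            for child in sorted(self.children.get(stack.pop(), ())):
                if child not in seen:
                    seen.add(child)
                    out.append(child)
                    stack.append(child)
        return out

    def hosts_seen(self, sha: str) -> List[str]:
        return sorted({e.host for e in self.events if e.sha256 == sha})

    def set_verdict(self, sha: str, new: str) -> Optional[Alert]:
        """Update a verdict; alert only on a transition into 'malicious'."""
        old = self.verdicts.get(sha, "unknown")
        self.verdicts[sha] = new
        if new != "malicious" or old == "malicious":
            return None
        related = set(self.ancestry(sha)) | set(self.descendants(sha))
        timeline = sorted((e for e in self.events if e.sha256 in related),
                          key=lambda e: e.ts)
        return Alert(sha, old, new, self.ancestry(sha), self.hosts_seen(sha),
                     self.descendants(sha), timeline)


def demo() -> Optional[Alert]:
    """Constructed scenario: a document judged clean drops a binary that is
    also judged clean, spreads to a server, and is later re-classified."""
    store = TrajectoryStore()
    store.record(FileEvent(1, "ws-01", "DOC-aaaa", "downloaded",
                           origin="email:attachment"), verdict="clean")
    store.record(FileEvent(2, "ws-01", "DOC-aaaa", "executed"))
    store.record(FileEvent(3, "ws-01", "EXE-bbbb", "dropped",
                           parent_sha256="DOC-aaaa"), verdict="clean")
    store.record(FileEvent(4, "ws-01", "EXE-bbbb", "executed"))
    store.record(FileEvent(5, "srv-02", "EXE-bbbb", "copied"))
    store.record(FileEvent(6, "srv-02", "DLL-cccc", "dropped",
                           parent_sha256="EXE-bbbb"))
    # A repeated clean verdict is not an alert; the later flip is.
    assert store.set_verdict("EXE-bbbb", "clean") is None
    return store.set_verdict("EXE-bbbb", "malicious")


if __name__ == "__main__":
    a = demo()
    print(a.ancestry, a.descendants, a.hosts_seen, len(a.timeline))
```

The design point is that the alert is only useful because every event was kept from the moment the file was first seen; a store that discards events for files judged clean cannot reconstruct the ancestry or the list of descendants that a containment action must cover.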
The combination of sensitive data and outdated technology makes government agencies an inviting target for cyber-criminals, and the consequences of a data breach can be significant. Advanced solutions such as Cisco AMP that feature continuous malware monitoring can significantly reduce the risk of such stealthy attacks.