Remote working opened the doors to cyberattack and data breach risks – we can close them
In 2020 public sector organisations have been tested to a degree never experienced before. According to CrowdStrike, increasing cybersecurity attacks are an additional complication they must navigate in an injurious year.
In responding to COVID-19, organisations have had to rapidly accelerate digital transformation programmes and remote workforce enablement , sometimes overnight, just to keep functioning.
This has not been lost on adversaries who are working overtime to take advantage of new attack surfaces, exploiting people’s fears, and trying as hard as they can to evade even the strongest traditional security measures. Adversaries range from professionally-run criminal gangs to state-employed elite hackers of foreign governments.
This year, CrowdStrike has observed a huge increase in malicious activities by these adversaries. In the first half of 2020 CrowdStrike’s Threat Intelligence team observed over 41,000 attempted breaches. That’s more than the 35,000 observed during 2019.
Phishing has increased many times since the coronavirus arrived. The private and public sectors are equally at risk from indiscriminate malware or carefully targeted ‘hands-on-keyboard’ attacks where hackers attempt to commit targeted malicious activities.
The threat posed to the UK government is real.One only has to look at a selection of reported incidents from this year:
- A ransomware attack at Redcar Council, estimated to cost £10.4m
- The NCSC issued guidance about cyber criminal groups exploiting COVID-19
- HMRC reported a huge increase in phishing scams during the early pandemic
- A cyberattack affecting Hackney Council prevented access to many publicly-used council services
- The Financial Times reported that more than one in four UK cyber attacks were related to COVID-19
- The BBC reported that Newcastle University’s cyber attack was expected to take "a number of weeks" to remediate
CrowdStrike’s own 2020 Global Threat Report uncovered a significant increase in ransomware and fraud, and nation-state intelligence and espionage activities.
Digital transformation: From every team member to citizen customers
In order to continue and improve on public sector digital transformation it’s clear that there must first be a security transformation to safeguard organisations and their customers from increasing and evolving threats.
The rapid transference to a work-from-anywhere environment has abolished the traditional perimeter. Now to defend the organisation, every element, from each endpoint and cloud instance to the corporate network, requires a security rethink - founded on Zero Trust.
For example, according to reports, during the pandemic the number of remote workers at DWP increased to 32,000. Over 40,000 new devices were provided and over 6,500 IT changes were delivered. Such speedy transformation is an achievement, but also increases the security risks from expanded attack surfaces and a greater number of electronic conversations criminals can hijack.
Such transformation means that endpoint and cloud security becomes an immediate risk, and although compliance and security hygiene steps are checkbox features, they can’t offer true security against the most serious threats, especially in the world of DevOps where speed-to-market has become essential for public sector organisations.
Ensuring business goes on via ‘Zero Trust’ with CrowdStrike
The rapid move to a work-from-anywhere environment combined with the daunting number of breaches so far this year has brought the Zero Trust model to the forefront. Zero Trust is the principle that nothing attempting to interact with your network environment should be trusted by default: User, device, or application. It is the approach for organisations requiring the highest level of protection for sensitive data. Organisations should be able to extend their Zero Trust strategy to encompass their remote workforce with the necessary scale to keep enterprises secure and functional. For public sector organisations in this new normal, it is the only way to operate effectively.
Zero Trust requires that organisations control access to applications and data and verify that any device or user is what it claims to be. The challenge lies in how organisations are able to implement Zero Trust into their infrastructure without additional complexity, or affecting productivity. And at the heart of being able to provide a robust, frictionless experience for all stakeholders is the ability to analyse and take action on information and attacks in real time without disruption.
In September, CrowdStrike acquired Preempt Security, a leader in Zero Trust identity hygiene and security, integrating its modern approach to securing identity with patented conditional access technology. This allows customers to preempt security threats in real-time from on identity, behaviour and risk.
Transformation means that endpoint and cloud security becomes an immediate risk, and although compliance and security hygiene steps are checkbox features, they can’t offer true security against the most serious threats, especially in the world of DevOps where speed-to-market has become essential for public sector organisations
It’s imperative to be able to detect zero-day adversary activity to gain insight into who is attacking what they did, and how they did it.
The CrowdStrike cloud protects compute workloads in over 170 countries for thousands of companies, capturing over four trillion events per week. Put into context, CrowdStrike processes as many events in one day as Twitter users tweet a year. It is this intelligence that allowed it to be the first to identify and block attacks including ‘NotPetya’.
The CrowdStrike Falcon Platform enables enterprises to identify known and unknown malware, detect zero-day threats, pinpoint advanced adversaries’ attribution and prevent damage from targeted attacks in real-time. The core of the platform is a global network of host-based detection sensors driven by a world-class cyber threat intelligence to provide real-time detection and prevention capabilities to governments and enterprises worldwide. The platform deploys a single lightweight sensor on the user machine, processing in the cloud. Productivity is not impacted, deployment is fast, and updates are automatic without administration overhead.
CrowdStrike’s next generation anti-virus incorporates AI/ML techniques and leverages big data and threat intelligence at scale. This first ‘blocking’ step is backed up by granular visibility that allows monitoring and blocking of attacks at any stage of the adversary’s movement. The final layer is a team of experts proactively hunting threats in customer environments. These are the key components that differentiate CrowdStrike, and that’s why CrowdStrike leads the Gartner Magic Quadrant for Endpoint Protection Platforms, as well Gartner’s Peer Insights Customers’ Choice, and are a Leader in the Forrester Wave for Endpoint Security Suites.
Come find out more about how the public sector is stopping breaches - full stop - with CrowdStrike at our webinar on 27 January. Click here for details.
Steve Barclay urges greater reporting of attacks
New ‘Gov Assure’ process aims to provide a government-wide overview of risk, minister tells PublicTechnology Cyber Security Summit
Union chief criticises as ‘reckless’ ministers’ intention to return Whitehall headcount to 2016 levels
Consultation launched on code of practice for Apple, Google and others – although adherence would be voluntarily