THALES
Imagine the chaos if a malicious actor leaked a list of all alleged U.S. police informants and government spies. A situation of this magnitude would decimate foreign service operations and jeopardize countless American lives. In Belarus, this nightmare scenario recently became reality when hackers stole sensitive information related to the Belarusian government, in an effort to overthrow the current regime.
The cribbed information included names of alleged police informants and sensitive details about top officials and spies, as well as video footage from police drones and recordings from a government wiretapping system.
In addition to the pilfered information, hackers disabled security cameras and implanted malicious software onto government devices with the intent to take those devices offline.
This incident may illustrate a worst-case scenario of hackers gaining entry to a government’s most critical and valuable data and assets, but it’s something federal agencies must contend with, as hackers get more brazen every day.
To combat these growing threats, agencies need to adopt multi-factor authentication (MFA) and encryption tools outlined within the latest cybersecurity executive order -- today, “I think the biggest challenge that federal agencies will have is to start early … the truth of the matter is that multi-factor authentication is probably one of the most effective ways to secure yourself against threats,” says Cina Shaykhian, solution architect at Thales. “The saying I have around this is that the strongest password is weaker than the weakest password with an extra authentication factor.”
3 Key Pillars of MFA and Encryption
While agencies seek out solutions that offer strong access controls, the question is, what does a good data security platform look like?
For David Ortega, principal solution architect at Thales, a good data security platform addresses a trio of key pillars to best provide data protection.
“We find a good security platform addresses three key pillars to provide data protection. Those three pillars are [primarily], an ability to discover and classify data, [followed by] the appropriate use of encryption, access controls and tokenization. [Finally] the third pillar is control, with a focus on controlling encryption keys in the hybrid enterprise,” he says.
At the moment, however, a majority of agencies are not able to comprehensively use up-to-date tooling that address these three key pillars.
“We see a lot of organizations may have had data loss prevention tools that they acquired 10 to 15 years ago, and those tools may not extend well to the different hybrid environments that they’re operating in today. Now is an opportunistic time to update and modernize the toolsets in use for data protection,” Ortega says.
Unlocking the Benefits of MFA and Encryption
How might MFA and encryption have worked in the case of the Belarusian government hack?
In a zero-trust environment, where continuous authentication is status quo, MFA would’ve automatically — through the use of artificial intelligence and machine learning — logged a distinct change in user patterns. And depending on the agency’s security protocols, there may exist controls restricting access to printing or access to the network as a whole. MFA, although inconvenient for real employees, does help agencies stop lateral movement once a threat actor has gained invalid credentials.
"Being able to leverage strong MFA adaptive access will help you towards a strong security posture,” Shaykhian says. “If one device or system gets compromised, given that those credentials are constantly rotating, it becomes very difficult … to gain access across all the resources.”
Even if a malicious actor was able to access assets in this scenario, from the use of strong encryption and data protection tools like those found on the CipherTrust Data Security Platform, the data is rendered useless as it is ciphertext. Without access to the keys which encrypted the data, the data cannot be decrypted.
“Understanding how to mitigate vulnerabilities requires encrypting sensitive data, performing automated policy-driven enterprise-wide sensitive data discovery and classification, and controlling access to the keys which have encrypted the data. As a result of employing a comprehensive data protection program, the agency mitigates risks that if data is taken, it cannot be used to blackmail the agency or held to demand additional payments,” Ortega says.
By deploying MFA and encryption tools, agencies can begin to improve their data security posture, ensuring all information remains secure -- and out of the reach of hackers.
No comments:
Post a Comment