As a solution engineer for Oracle’s Government and Education business unit, much of my time is spent in answering questions about cybersecurity and cloud. I’d like to share the top questions customers ask me, and my responses, from a recent Government Technology webinar.
The pandemic has pushed the focus of cyber criminals to the “work at home” infrastructure, as many companies and governments moved to the cloud for their digital operations and employees worked from home. Today there are scores of new attack endpoints, and state and local (S&L) government is a ripe target for attacks because of a lack of comprehensive security policies, a lack of funding for security initiatives, and fractured responsibility among federal, state, and local governments.
Here are some sobering statistics from the Verizon 2021 Data Breach Investigations Report: 85% of breaches involved a human element; 61% involved the use of unauthorized credentials; and phishing rose to 36% (up from 25%). Web attacks made up 80% of attacks, and more than 10% of breached systems involved ransomware – double the 2019 figure. Ransomware attacks now target groups that can pay, and cryptocurrency has made every network a monetizable target.
Human negligence continues to be the leading cause of security breaches. Privilege abuse, configuration mistakes, and old, unpatched software, paired with ignorance of security policy, are common IT challenges. Bad actors are out there and will continue to find new ways to make money at our expense.
Data security threats are even greater in government because of the precious information we store: Social Security numbers, birth certificates, driver’s license information; bank account and credit card information; and addresses for millions of people.
Attackers pose as government agencies to obtain data through phishing attacks. These strategies dupe citizens who think the emails and texts come from official channels. Phishing is a key entry point for these types of threats. Not adhering to separation of duties and not enforcing least-privilege policies can expose more data if an attacker gets any access at all. Ensuring that your collaborative partners also share these data protection policies will prevent them from releasing your information to the wrong people.
You can minimize the effect of ransomware with a true business continuity plan – one that includes your key systems and the systems they depend on. Then, if your systems are destroyed through malware, you have an alternative system to operate. Be careful that the process you use to keep the alternative systems current doesn’t compromise them. Disk mirroring doesn’t know what it is copying, so it can copy the compromised data as well as the malware. Databases that replicate transactions in software are less likely to copy a “bad” item to your alternative site.
When systems were on-premises, you had separation of the human administrators – servers, network, application development, and database. Each group had total control of its area – some had gold images, some had policies, but generally policies were not shared or spread across groups.
In the cloud, these can be shared responsibilities – sometimes with the cloud provider added to the mix. It is important to maintain the separation of duties and least-privilege access, because humans make mistakes, and mistakes cause security holes that cybercriminals can exploit. The more elements you have access to, the more likely you are to make a mistake, and the more damage a cybercriminal can do with your access.
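The separation-of-duties and least-privilege point above is something you can check mechanically against an access inventory. The following is an added example, not code from Oracle or from this article: it evaluates a constructed set of role grants against a constructed conflict matrix (one identity holding both server and database control, or both deploying and approving a release) and flags wildcard grants for least-privilege review. The group names, permission strings, and the `<area>:<verb>` convention are all assumptions made for the illustration.

```python
"""Separation-of-duties and least-privilege check over a constructed set of
cloud role grants. Added example, not Oracle code; principal names, permission
strings and the conflict matrix are constructed for illustration."""
from collections import defaultdict

# Constructed grants: (principal, permission). Permission strings follow an
# assumed "<area>:<verb>" convention; "*" means every area or every verb.
GRANTS = [
    ("alice", "servers:manage"),
    ("alice", "network:manage"),
    ("bob", "database:manage"),
    ("bob", "servers:manage"),       # one human with both server and DB control
    ("carol", "appdev:deploy"),
    ("carol", "appdev:approve"),     # can both submit and approve a release
    ("dave", "database:read"),
    ("svc-backup", "*:*"),           # wildcard grant to a service account
]

# Constructed conflict matrix: pairs of permissions one identity should not hold.
SOD_CONFLICTS = [
    ("servers:manage", "database:manage"),
    ("appdev:deploy", "appdev:approve"),
    ("network:manage", "database:manage"),
]


def expand(permission, known_perms):
    """Expand a wildcard grant ('*:*', 'database:*') into the concrete
    permissions it covers, so wildcard holders are checked like anyone else."""
    area, _, verb = permission.partition(":")
    return {p for p in known_perms
            if (area == "*" or p.split(":")[0] == area)
            and (verb == "*" or p.split(":")[1] == verb)}


def effective_permissions(grants):
    """Map each principal to the concrete set of permissions it holds."""
    known = {p for _, p in grants if "*" not in p}
    known |= {p for pair in SOD_CONFLICTS for p in pair}
    perms = defaultdict(set)
    for principal, perm in grants:
        perms[principal] |= expand(perm, known) if "*" in perm else {perm}
    return dict(perms)


def find_violations(grants, conflicts=SOD_CONFLICTS):
    """Return sorted (principal, perm_a, perm_b) triples where one identity
    holds both halves of a conflicting pair."""
    perms = effective_permissions(grants)
    hits = []
    for principal, held in perms.items():
        for a, b in conflicts:
            if a in held and b in held:
                hits.append((principal, a, b))
    return sorted(hits)


def find_wildcards(grants):
    """Return principals holding any wildcard grant: least-privilege review items."""
    return sorted({p for p, perm in grants if "*" in perm})


if __name__ == "__main__":
    for principal, a, b in find_violations(GRANTS):
        print(f"SoD conflict: {principal} holds both {a} and {b}")
    for principal in find_wildcards(GRANTS):
        print(f"Over-broad grant: {principal} has a wildcard permission")
```

Run as-is, the constructed data produces conflicts for `bob` and `carol` plus three for the wildcard service account, which is the point: a `*:*` grant silently satisfies every toxic combination in the matrix, so wildcards deserve the same review as explicit conflicts. To apply this to a real environment, replace `GRANTS` with an export of your identity provider's or cloud tenancy's group-to-permission mappings and tailor `SOD_CONFLICTS` to the duties your organization separates.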
Perimeter security is not sufficient; you need a 360-degree approach – core to edge, secure inside and out. Multi-factor authentication is required across all devices. Cloud also brings better automation, which can prevent mistakes and keep patching current without bringing down critical systems.
Many breaches have been preventable; for instance, the patch for the software existed but wasn’t applied. Cloud automation and autonomous, self-patching software can prevent this type of breach. Many clouds bring artificial intelligence and machine learning, as well as user behavioral analytics, to the cyber game – bots against bots, good guys against the cyber criminals.
An organization’s security is only as strong as its weakest link – and that can be anywhere in the chain from data to edge, on-premises to cloud or multi-cloud. It’s important to secure all the components and be proactive. Security must be built in, not bolted on, and that applies from policy to products. It needs to extend to partner agencies as well. Organizations must assume a “zero trust” architecture that includes their supply chain.
Automation and security assessments are critical tools that the cloud provider leverages to prevent humans from making mistakes. For example, with Oracle Data Safe, you can evaluate the security risk of any Oracle database – in the cloud or on premises. With Maximum Security Zones and Cloud Guard, configurations are set and checked to ensure that no one violates security policies. Using automation prevents human errors in deployment. And developers need to follow better security principles in a typical DevSecOps environment.
In my next installment, I’ll give you the six action items you’ll need to secure your infrastructure.
Lauren Farese manages a team of systems engineers and solution architects who are responsible for identifying and developing solutions that use Oracle technologies to solve customer problems for the US Federal Government. The team is customer- and partner-facing, providing business and technical benefits to the customer that highlight the value of the Oracle solution.