Trending it security threats in the public sector
- 1. The “New Norm” in Cyber Security:
What’s Trending Now in Public Sector
- 2. “…we should always be
evaluating how we can
work smarter...”
ERIC COWPERTHWAITE
VP Advanced Security and Strategy
Core Security
GRAYSON WALTERS
Information Security Officer
Virginia Department of Taxation
- 4. 1. Access to targets
• Beware of “low-value targets” connected to larger,
more interesting entities
• Lower budgets and small staffs make evading
security a bit easier
How many vulnerabilities? How many applications? How many possible attack paths?
Are the vulnerabilities exploitable?
Does the attack path lead to sensitive data?
- 5. 2. Where are your network boundaries?
• Commercial tech has always outpaced
business…and in government it is twice as bad
• BYOD – Connected personal device overload
• How many of your users are using web apps
that you don’t know about?
The Zero-Trust Model
- 6. 3. Remember password theft
Password theft is real
• Phishing attacks work, they are easy to set up and
have very low risk - 12% will click!
• Users fail to report when they do something wrong
• Users have access to things they should not
- 7. 4. Enforcing controls. Always.
Balancing policies and controls
• You don’t necessarily want to be the “enforcer,”
but it’s our role as security professionals
- 8. 5. Overload…oh my!
Security teams are overloaded:
• Data – vulnerabilities, networks, viruses, SIEM, IoT, etc.
• Regulations – Required security, reports, mandatory activity
Security teams are, generally, too small, have the wrong skills
Many different regulations and security frameworks to satisfy
- 9. So, what can we do to mitigate some of these
#“new_norm”_threat_trends?
- 11. Cut through the noise…
• Engage new and different security skills, outsource critical skills
• Success is going to require innovation
• Must understand what the bad guy will do
• Must know where to expend resources
• Implement new technologies
o Analytics
o Automation
o Integration
Change the game to intelligent defense