Story image

Governments vulnerable to attack, says Palo Alto Networks

20 Apr 2016

Governments need to reassess how they’re handling cyber attacks, according to Palo Alto Networks.

The company says government departments are an attractive target for malicious hackers and criminals, making them vulnerable to attack.

In order to avoid this, governments must learn from past events to harden their networks and reduce the risk of successful cyber attacks. 

“Governments should use 2016 to course-correct by using recognisable patterns and paying greater attention to best practices to make sure defence strategies are agile,” explains Pamela Warren, director, Government and Industry Initiatives, Palo Alto Networks.

“Every year Palo Alto Networks assessed application usage and threats seen our customers’ networks,” she says.

“We analysed some of the larger attacks against government networks and a number of trends jumped out.”  Key trends 2015 include: 

  • SaaS is everywhere and can be used as an attack vector
  • remote access application usage is growing, giving attackers easier access to networks
  • weaponisation of local, regional, or international events at speed is increasing
  • attackers continue to target partners, contractors, and other with ‘outside-in’ access to networks
  • macros have reappeared as attack methods.

“Government agencies and critical national infrastructure are repeated targets,” says Warren.

“Using the cyber attack lifecycle as a guide, attackers often used either an exploit to a well-known vulnerability or malware in spear-phishing campaigns to establish their initial beachhead.” 

To protect themselves governments must:  be proactive and agile

  • understand cyber ranks and processes, demand accountability, and test and evaluate to ensure teams are working together to address cyber security
  • gain visibility into what applications are running in the network, who is using them, and why
  • reduce the attack surface
  • account for the entire cyber attack lifecycle
  • integrate network security controls to improve threat prevention and reduce response time
  • use a zero trust approach even with slower than desired patch cycles in large government networks and sophisticated attackers trying any opportunity to get in and move laterally
  • decrypt SSL communications
  • measure the controls in place to ensure active readiness.

“Threat prevention is possible but too often we see organisations doomed to repeat the same mistakes,” Warren explains.

“If government agencies can learn from the security events of the past, then they can harden themselves against future attacks,” she says.

ABS and Google Cloud partner to demonstrate the feasibility of AI-enabled corrosion detection
The project successfully demonstrated the accuracy of AI in detecting and assessing structural anomalies commonly found during visual inspection.
Sungard AS named DRaaS leader by Forrester
It was noted for its disaster-recovery-as-a-service solution’s ability to “serve client needs at all stages of their need for business continuity.”
IDC: APeJ blockchain spending to grow over 80%
Blockchain spending is forecast to grow by 83.9% year over year in 2019, and 77.5% by 2022.
Gartner: The five priorities of privacy executives
The priorities highlight the need for strategic approaches to engage with shifting regulatory, technology, customer and third-party risk trends.
Why an IT resilient strategy needs to be in the modern CIO’s toolkit
"Having an IT resilience strategy in place allows an organisation to smoothly adjust to change."
Intel announces “most powerful mobile processors ever”
Improvements in performance, responsiveness and Wi-Fi connectivity will be rolling out for gamers and creators alike.
Software AG launches new cloud-based IT portfolio management tool
“Alfabet FastLane’s out-of-the-box approach absolutely addresses the needs of smaller IT teams."
Slack's 2019 feature roadmap unveiled
Including shared channels across organisations, workflow automation, greater email and calendar integration, and streamlined search.