2021 cybersecurity trends and recommendations

Special focus: U.S. public sector

Current state: growing reasons for concern

Early in 2020, a large public sector health organization experienced a massive cyber data breach involving over 1.1 billion medical records of beneficiaries. Unfortunately, cyberattacks against the U.S. public sector are on the rise.

In fact, Cybersecurity Ventures reports that the U.S. Public Sector is now one of the top five most cyber attacked business sectors in the world. This paper is focused on providing valuable insights to U.S. federal, state and local government leaders on 2021 cyberattack trends. It also shares some of our recommended cybersecurity best practices to help U.S. government agencies mitigate the damages resulting from the growing cyberattacks on the U.S. Public Sector.

Global cyberattacks in the past year¹

  • 4 trillion cyber intrusion attempts
  • 10 billion malware cyberattacks
  • 187 million ransomware cyberattacks
  • 34 million Internet of Things (IoT) cyberattacks

U.S. government and cybercrime statistics and facts²

  • The U.S. is the country most severely affected by cybercrime in terms of financial damages
  • In 2019 the U.S. federal government faced costs of over $13.7 billion in damages as a result of cyberattacks
  • Lack of a sufficient cybersecurity budget is a leading barrier to an effective state-level cyber program in the U.S.

The average cost of a cyber data breach worldwide is $3.9 million³

The average cost of a cyber data breach in the U.S. is $8.2 million⁴

¹ www.sonicwall.com/resources/2020-cyber-threat-report-pdf/
² www.statista.com/topics/3387/us-government-and-cyber-crime/
³, ⁴ www.ibm.com/security/data-breach


Top 10 cybersecurity trends in the U.S. public sector

  1. Increased cybersecurity spending by government agencies: in 2021, it is anticipated that U.S. federal, state and local government spending for cybersecurity will increase by 5% or more, including spending for research and development (R&D), hardware, software, professional services (cybersecurity education, training, simulations, cyber threat intelligence, vulnerability management, security operation center services, cyber engineering, incident response services) and customized integrated cybersecurity solutions. The expected increased investment in cybersecurity is necessary to combat the rise in cyber threats targeting U.S. government agencies
  2. The rise of cyberattacks on U.S. government agencies: the U.S. public sector is expected to see an increase in the number and level of sophistication of the following types of cyberattacks:
    • Spear-phishing
    • Brute-force
    • Distributed denial of service (DDoS)
    • Trojan horse malware
    • Business email compromise (BEC)
    • Advanced persistent threat (APT) malware
  3. Blending of cyber threat actors targeting U.S. government agencies: it is anticipated that a continued blending of cyber threat actors will occur, including nation-state cyberattack groups (China, Russia, Iran, North Korea and others), criminal cyberattack groups and hacktivists working together and targeting U.S. federal, state and local government agencies. Specifically, cyberattacks on U.S. government agencies are expected to steal intellectual property, obtain personal information of key government and military leaders, conduct misinformation campaigns and delay / disrupt critical government operations
  4. Potential disruption of ransomware monetization model: in October 2020, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) warned companies and state and local government agencies making ransomware payments that they risk violating economic sanctions imposed by the U.S. federal government against cyber criminal groups or nation-state sponsored cyberattack groups. By dramatically reducing cyber ransom payments, the OFAC Advisory has the potential to disrupt the current ransomware monetization model and ultimately result in fewer ransomware cyberattacks nationwide, which would be very positive for the U.S. public sector. However, the OFAC Advisory will also have a significant negative impact on:
    • Insurance companies currently reimbursing their clients who have paid cyber ransoms and may face significant civil penalties for any future payments
    • The victims who will have to pay cyber ransoms on their own or suffer the legal consequences
    • The incident response providers who will likely experience a loss of work
  5. A need to enhance secure remote virtual private network (VPN) access: as a result of the COVID-19 pandemic, enhanced cybersecurity measures will continue to be needed throughout 2021 to support the tremendous growth in remote access using VPNs required for government employees, government contractors and citizen-to-government online activities
  6. Growth of cloud-based infrastructure and apps requires more cybersecurity: it is anticipated that U.S. federal, state and local government agencies will increase cloud migration from data centers to public clouds (e.g., AWS, Microsoft, IBM and others) and private clouds, which will require enhanced information security measures to improve cyber hygiene and ensure data privacy, data security and data resilience
  7. Increased insider threats: as the level of cybersecurity awareness increases and cyber defensive operations are enhanced by U.S. federal, state and local government agencies, an increase of cyber insider threats is expected. Cyber threat actors, especially nation-state cyberattack groups, are well known for adapting their cyber tactics, techniques and procedures (TTPs) to the situation, always searching for the weakest link to pursue an attack. Thus, as cybersecurity education, training, hardware and software are improved within U.S. government agencies, the cyber threat actors will seek to bribe, threaten and/or blackmail government agency insiders to gain access to valuable national defense information, steal intellectual property or illegally obtain personal information to influence government leaders. According to Verizon Security, in 2020 over 35% of all cyber data breaches were a direct result of insider threats⁵
  8. Growth of digital transformation drives increase in cyber vulnerabilities: U.S. federal, state and local government agencies will implement numerous digital transformation projects using emerging technologies: artificial intelligence (AI), machine learning (ML), big data analytics, 5G mobile technologies and Internet of Things (IoT) connected devices. These data-centric technologies may create many more information security vulnerabilities, unless proactive cybersecurity measures are planned and adopted at the forefront of the projects
  9. High turnover of U.S. cybersecurity professionals: according to a 2020 report by the Gartner Group, there are more than 4 million unfilled information technology (IT) and cybersecurity job vacancies in the U.S. alone, and many of these open cybersecurity positions need to be filled fast. As a result, in 2021 there will likely be a continued high turnover rate of 20% or more of experienced cybersecurity professionals, from intermediate level security analysts to chief information security officers (CISOs) nationwide
  10. Evolving cybersecurity regulatory landscape: it is expected that U.S. federal, state and local government agencies will continue to struggle to keep pace with new technologies and constantly changing cyber threats. Thus, it is anticipated that U.S. federal and state governments will enact new cybersecurity laws, regulations, standards and certifications to try to curb the growth of cyberattacks in both the public and private sectors by mandating stronger cybersecurity risk management programs, enhanced monitoring, detection and incident response capabilities, and penalties for information security negligence

⁵ https://enterprise.verizon.com/resources/reports/dbir/


Top 10 cybersecurity recommendations

The following cybersecurity recommendations for consideration by government agencies are based on our extensive experience serving as a leading technology systems integrator (SI) and consultant with U.S. federal, state and local government agencies nationwide:

  1. Develop and implement a threat-based cybersecurity (TBC) methodology: a proactive approach to identify high-value data, assess data storage and transmission for vulnerabilities, and mitigate the most likely risks and attack vectors. This maximizes the efficacy of cybersecurity resources by focusing on an organization's unique threat profile. Achieving this comes as part of a continuous process that responds to emerging cyber threats. MITRE recommends the following steps in putting a TBC methodology in place:⁶
    • Obtain cyber threat intelligence and analysis
    • Provide cyber defensive engagement of the threats
    • Focused sharing and collaboration of cyber intelligence and attack information
  2. Transition to cybersecurity managed services: increasingly, government agencies are realizing the value of outsourcing cybersecurity services and utilizing commercial off-the-shelf (COTS) services provided by experienced system integrators and managed security service providers (MSSPs). SIs and MSSPs can provide expert talent and proven, effective cybersecurity technologies to increase the use of data automation, workflow automation, big data analytics and data visualization to drive enhanced performance and cost-effectiveness. Moving from a cybersecurity contractor, staff augmentation business model to a cybersecurity managed services model takes time to plan, select the right performance measures and metrics, and ensure a smooth transition. Typical cybersecurity managed services include: security operation centers (SOC) services, security information and event management (SIEM) services, incident response management (IRM), vulnerability management and cyber threat intelligence (CTI), just to name a few
  3. Use a cyber range and cyber exercises to educate and train security professionals: leverage the capabilities of a cloud-based cyber range with emulated information systems networks and simulated cyberattacks to provide persistent cyber education and training for IT professionals combined with tabletop exercises for government leadership
  4. Create a "zero trust" (ZT) data environment: transition to a zero trust data security environment with policies, plans and a zero trust architecture (ZTA) including data micro-segmentation, micro-perimeters, data segmentation gateways, ICAM to the borders, etc.
  5. Implement an artificial intelligence (AI)-driven intrusion detection system (IDS): implement new software using AI and ML capabilities to more accurately monitor traffic moving throughout email, network and information system endpoints to identify suspicious activity and clear threats in real-time
  6. Develop and test an internal and external cyber data breach communications plan: to align with existing enterprise risk management frameworks (e.g., NIST SP 800-37 and NIST SP 800-53)
  7. Implement and test a cyber incident response plan: to include the participation of organizational leadership and key personnel from all technology, business administration and clinical functions
  8. Enhance identity, credential and access management (ICAM) enterprise-wide: develop technical policies and procedures to ensure only authorized employees have access to sensitive information (SI), controlled unclassified information (CUI) and personally identifiable information (PII). Then, implement enterprise-wide, end-to-end ICAM software with advanced software encryption, multifactor authentication (MFA) using passphrases and biometrics, and credential-based boundaries or role-based boundaries
  9. Build an insider threat program: to include policies, education, training, monitoring, detection and implementation of a zero trust architecture that creates micro-perimeters and data segmentation to restrict internal vertical and lateral movement within an information system to only those individuals with approved access
  10. Establish and test a business continuity plan (BCP): in order to have real information resilience it is vital to have an effective information backup capability

Summary

In 2021, U.S. federal, state and local government agencies are expected to invest billions of taxpayer dollars in cybersecurity solutions to reduce cyber risks and combat cyberattacks.

Additionally, it is expected that U.S. government agencies will implement numerous multibillion-dollar digital transformation programs to leverage emerging technologies (cloud computing, big data analytics, data automation, AI, ML and robotic process automation) with the intent to enhance government-provided services, increase the speed of data analysis, improve decision-making and reduce operational costs.

The above-stated emerging information technologies offer the potential for significant data-centric solutions to various government operational challenges. Likewise, each of these technologies creates new cybersecurity risks and cyber vulnerabilities to potential data breaches, which can jeopardize data privacy and data security for government employees and all U.S. citizens. Thus, it is essential for U.S. federal, state and local government agencies to implement proven cybersecurity best practices, such as those discussed in this paper, to form an integral part of digital transformation planning and implementation efforts to ensure data privacy and data resilience in 2021 and beyond.


This is an excerpt of the original content.

Disclaimer

Perspecta Inc. published this content on 12 January 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 12 January 2021 14:19:04 UTC