Government Network Security Failures Led to Remote Access Breaches

by VPNHaus | 07/01/2014

As technology advances, the number of cyber-attacks on both public and private networks also increases. According to the Washington Post, in 2013 alone, more than 3,000 enterprises were notified of system hacks that had the potential to expose sensitive information and seriously damage their brands.

Former NSA director Keith Alexander pointed out earlier this week that government networks are far from secure, as the NSA and the Department of Defense uncovered more than 1,500 pieces of malware on the U.S. government's most secret networks.

“What causes me the greatest concern is what might happen if our nation was hit by a destructive cyber-attack,” Alexander said, noting that most of the country's critical networks are operated by private industry. “If [a destructive attack] hit one of our Wall Street banks, the monetary damage could be in the trillions of dollars. We're not ready.”

That is certainly a chilling thought, but are government agencies doing enough to secure their networks and remote access to them? All signs point to no, given the increasing number of breaches agencies have been reporting recently, such as the public utility industrial control system (ICS) compromise reported by the Department of Homeland Security this month. Urgent action is needed to defend against such attacks.

In fact, Alexander’s comments could not have come at a better time, as the Montana Department of Public Health and Human Services was recently hacked and 1.3 million patients had to be notified that their sensitive information was potentially compromised. While there was no proof that the data was used for nefarious purposes, the agency has already “taken several steps to further strengthen security, including safely restoring all systems affected, adding additional security software to better protect sensitive information on existing servers, and continually reviewing its security practices to ensure all appropriate measures are being taken to protect citizen information.”

Had their network been supported and protected in a more strategic manner, this breach could have been prevented. If organizations leave even one small hole in their network security, a hacker can use it to devastating effect. As Eyal Firstenberg, vice president of cyber research at LightCyber, said, “In fact, once mission-driven attackers have established a stable beachhead they leverage legitimate existing network resources, like user credentials, for the next phases of the attack. They thus render traditional security controls, like AV, firewalls, and sandboxes useless. With no system in place to monitor the internal network in real-time, attackers are effectively allowed to explore, compromise and exploit the network at their leisure.”

Why Every Organization Should Adopt a Defense in Depth Strategy

Much like enterprises, government agencies need to strongly consider the vast range of new attack vectors when planning their network security measures. Organizations must now adopt defense in depth strategies to ensure secure remote access and prevent similar attacks from occurring. Every network security component, including VPNs (preferably with central management), firewalls, intrusion prevention systems and more, must not only contribute to layers of network redundancy in case of attack, but also adjust rapidly to threats as they occur.

As Firstenberg mentioned, monitoring systems are crucial to protect against hackers. This is where the benefits of implementing a remote access solution with central management come into play. With such a solution, network administrators can revoke access immediately after a breach is discovered. It also enables network administrators to control who can access which parts of the network within certain parameters, which reduces the risk of hackers accessing sensitive information. In addition, tasks such as provisioning and deprovisioning, as well as client and certificate rollout, are automated to ensure that every endpoint is always in compliance.

In the grand scheme of things, as we’ve mentioned numerous times, it’s vital for organizations to take network security seriously by applying a defense in depth strategy and implementing remote access central management. An overhaul is long overdue for government network security.