Democrats will have their hands full when dealing with federal cybersecurity.

Edward Gately, Senior News Editor

January 8, 2021


Now that Democrats have gained control of the presidency and both houses of Congress, a big question is how this will impact federal cybersecurity.

Federal cybersecurity has made big headlines in recent months. The massive SolarWinds hack led to security breaches at numerous U.S. government agencies. Specifically, the attackers breached the National Telecommunications and Information Administration (NTIA), the Department of Homeland Security (DHS) and more.

And the U.S. Justice Department is the latest federal agency to say it was breached in the hack.

Furthermore, during this week’s insurrection at the U.S. Capitol, rioters stole devices belonging to government officials.

So can we expect to see changes in federal cybersecurity with the Democrats in control? We spoke with Jerry Ray, SecureAge’s COO, and Heather Paunet, Untangle’s senior vice president.

Channel Futures: What could Democratic control of the presidency and both houses mean for federal cybersecurity?


Jerry Ray: The Democratic sweep of both the legislative and executive branches offers one of the most essential and necessary elements of sound cybersecurity policy: apolitical and data-driven decision making. Far beyond any changes to the cybersecurity capabilities and posture within government departments and agencies, the adherence to passion-free and data-based cyber policies will encourage the private sector and individuals alike to do the same. Imaginary claims will be replaced by more technical descriptions of the threats, as well as genuine attribution to the bad actors – a la Russia – regardless of any diplomatic stances or international alliances.

It’s not that the Democratic party is entirely altruistic and would not politicize any event or issue, cyber-related or otherwise. In this environment, anything that can be revealed and presented as undisputed and easily verifiable fact will be far easier to adopt by any entity or organization, regardless of political bent.

CF: Are there particular federal cybersecurity issues that likely could be addressed?

JR: The first two obvious moves that Democratic leadership will address will be a correction of some sort regarding the director of the Cybersecurity and Infrastructure Security Agency (CISA) after the ridiculous firing of Chris Krebs shortly after the election, and a deliberate response to the recent cyberattacks against federal agencies enabled through the SolarWinds exploit.

Beyond those more notorious cyber-related issues, Democratic leadership will work on cybersecurity policies related to data protection statutes akin to those in Europe, such as GDPR, and the provision of funding to federal agencies and entities providing critical infrastructure for shoring up their internal systems to prevent and minimize both external and internal threats. This should inspire many states to follow by allocating funds to help protect organizations beyond the direct reach of the federal government, such as school systems and voting infrastructure.

While less newsworthy over the past several months, the privacy concerns of the Democratic constituency will be addressed. Everything from electronic surveillance to protection of data generated and stored by government agencies, corporations and small merchants, will be reviewed and policy presented to diminish the seemingly never-ending cycle of wide-scale data breaches trailed by years of individual suffering through drained bank accounts, identity theft, or similar.


Heather Paunet: The impact of the Sunburst [SolarWinds] attack, which was brought to light in December 2020, is still unravelling. The recent media coverage of this attack raised awareness of what can be at stake as victims were found to be U.S. federal agencies such as the DHS, parts of the Pentagon and five branches of the U.S. military.

CF: Are we likely to see any big changes taking place in federal cybersecurity?

JR: Given the acceleration of cyberattacks and the technology that enables them, the likelihood of new policies coming about is impossible to gauge. At a minimum, though, a Democratic-led legislature and presidency makes any progress far more likely than at any point over the past six years. Those aspects that don’t require policy and can be enacted through executive action, such as a retaliatory move against those who recently attacked federal agencies, will be even more likely still.

HP: Democratic campaigns have focused on these issues with plans to make system upgrades and review infrastructure systems. And Republican plans under President Trump have similarly focused on these issues with the introduction of bills to focus on strong leadership at the DHS and CISA.

Regardless of which party has control of any branch of the government, the attacks will keep coming through 2021 and beyond. It is up to our elected officials to take these attacks seriously and put in place measures to block them.

More Effective Cybersecurity Training Needed

As much as 88% of data breaches are caused by human error. But only 43% of workers admit making mistakes that compromised cybersecurity.

In the past year, one-third of the breaches incorporated social engineering techniques. And the cost of a breach caused by human error averaged $3.33 million.

CISOs and other stakeholders can grab employees’ attention by changing the methods of regular cybersecurity training, according to NordVPN. Those who find training interesting are 13 times more likely to change the way they think about cyber threats.

Juta Gurinaviciute is CTO at NordVPN Teams.

“The threat landscape constantly changes, and techniques used by cybercriminals evolve and get more sophisticated,” she said. “Outdated training methods won’t cover emerging threats and new attack methods.”

Employees perceive mandatory training as a burden, imposed by management, Gurinaviciute said. This is especially true if organizations employ the same old methods year after year.

NordVPN offers five ways to make cybersecurity training more effective:

  • Gamify it. Quizzes, games, prizes and quality time with colleagues will enhance enjoyment and learning. Interactive activities boost engagement and yield better results when it comes to teaching staff about cybersecurity.

  • Engage in friendly competition. Engage people with incentives, be it a prize or pride. Companies should organize competitions to keep a workforce constantly aware of new threats and how to tackle them.

  • Make it rewarding. Turn the right answer into a badge and a discovered vulnerability into a star. And turn a year without an incident into a holiday bonus.

  • Turn it into a team effort. Employees should work in teams and solve riddles with their colleagues. In a cybersecurity workshop, for instance, employees can be asked to craft a phishing email.

  • Make sure to speak clearly and to explain every term in plain language so the relative layman understands and remembers.

“Being on top with the most recent information and training material, MSSPs are the main cybersecurity evangelists and advisers for many enterprises across industries,” Gurinaviciute said. “If they offer the newest digital protection solution, the appropriate training should follow.”

CISOs and IT executives aren’t the only ones who need training on innovative programs and solutions, she said.

“Cybersecurity providers can definitely initiate the training,” Gurinaviciute said. “Collaboration is the root cause for innovation. And thus, cybersecurity training would take into consideration latest trends, objections and industry standards.”

Cloud Identity and Access Management to Plague Businesses This Year

Cloud identity and access management (IAM) will be a big problem area in the coming year, even for mature organizations, according to Rapid7.

That’s because cloud IAM is very complex and presents more opportunities to make mistakes. In addition, there are many overlapping layers of access. And everything has an identity, including users, resources and applications. That presents a gap in security.

Chris DeRamus is vice president of technology at Rapid7 Cloud.


“As cloud adoption becomes more mainstream, we will see more repetitions of mistakes made in the past,” he said.

Organizations are incorrectly configuring databases, storage containers and other cloud services, DeRamus said. And they’re setting permissions too broadly, allowing anyone access.

Businesses will need to take a proactive approach to their cloud security, he said. And they should work toward implementing least-privileged access.

Companies can start by using behavior analytics and automated cloud security tools to adjust privileges to include – but not exceed – the needs of a role, DeRamus said. They’ll then be able to understand and better control access in their cloud environments.

A gap in security can be detrimental for a company, Johnson said. It costs time, resources and a loss of brand trust for consumers.

Gaps in security can also lead to a loss of control, which makes it hard to track threats and events.

“Some organizations might not even know a threat has occurred until weeks or months after an event,” DeRamus said. “Organizations should implement a continuous and automated cloud security solution for full visibility into their cloud environment, and to detect and remediate threats such as misconfigurations and compliance violations, in real time.”

Companies can either automate the remediation of those vulnerabilities or alert the appropriate personnel of the issue before a devastating data leak or breach occurs, he said.

Ingram Micro EMEA Beefs Up Cybersecurity Portfolio with AppGuard

Ingram Micro EMEA has broadened its cybersecurity portfolio to include AppGuard zero trust endpoint protection.

AppGuard’s software controls the behavior of applications and stops malware attacks prior to launch with its autonomous policy engine.

“In 2020, the COVID-19 pandemic has transformed our entire global ecosystem with its massive effect on the global workforce and interconnectivity,” said Brian Vesper, head of Ingram Micro’s Cyber Security Center of Excellence in Europe. “Along with this, we have witnessed a tremendous surge in cyberattacks focusing on the vulnerabilities exposed by this transformation.”


Ingram Micro wants to be the world’s largest cybersecurity solution provider and consultant by 2021, he said.

With AppGuard, Ingram Micro can provide a solution that prevents cyberattacks before they can compromise critical systems, he said. And there’s no impact to the performance of the endpoint.

“We believe that we can very quickly strengthen the cybersecurity posture of the MSSP community within Europe … through Ingram Micro,” said Maitland Muse, AppGuard’s executive vice president of channels and strategic alliances.


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
