High demand for cybersecurity drives outsourcing of SOC services in the public sector

Hiring managed services is a measure to tackle the shortage of qualified labor and the technological gap in the government sector

Data collected by the Office of Institutional Security of the Presidency of the Republic (GSI) reveals an increase in the incidence of cyber attacks and vulnerabilities in federal government agencies in January. There were 989 incidents recorded in the month, an increase of 75% compared to the same period last year. Among the main incidents detected were data leaks (413), encryption vulnerabilities (112), website abuse (107) and vulnerable software (82). These figures raise the alarm about the advance of cyber threats in the public sector and the urgency of defense and response measures, which has led to a growing demand for services provided by Security Operation Centers (SOCs) in municipal, state and federal agencies.

The increase in demand is justified by the shortage of skilled workers in information security and the technological gap in more advanced tools for cyber defense in the public sector. The shortage of qualified professionals is mainly due to a lack of training in information security, creating a “blackout” in this area. As a result, government agencies have been increasing their budgets by outsourcing managed security services to private providers, who are responsible for supplying SOCs.

“As cyber incidents grow in number and complexity, it is crucial to implement cyber incident defense, identification, treatment, containment and response activities as soon as possible, and SOC outsourcing has become a viable solution given the lack of highly specialized personnel in the public sector to deal with these occurrences,” says Sigmar Frota, Head of the government segment at Kryptus, a Brazilian cryptography and cybersecurity multinational.

The SOCs offer 24×7 monitoring of cyber incidents and continuous evaluation of public agencies’ security processes, correcting any flaws and raising protection levels. The teams identify network vulnerabilities and assess the extent of the damage of a possible invasion using tools and exhaustive tests, such as intrusion simulations, in order to increase the client’s defense and response capacity. “Having knowledge and experience of the criticality of vulnerabilities and anticipating their effects and damage is essential in an IT environment, since in terms of information security it is often said that there are only two types of government bodies in Brazil: those that know they have been digitally compromised; and those that don’t know it yet,” explains the Kryptus executive.

In terms of costs, there are two advantages to outsourcing the SOC to government agencies. “Security is no longer something you have to buy and install in the form of an asset. Therefore, the first advantage is that the government no longer adopts the CAPEX model – the so-called investment budget – for capital goods, such as licenses and information security devices, but instead adheres to the OPEX model – the so-called expense budget – characterized by acquisition as a service, with monthly payment for the same. In other words, the budget applied to SOC services is included in the expenditure budget lines, which are usually easier to make feasible and justify by the manager of the public body,” observes Frota. “The second advantage,” he continues, “is that the government doesn’t have to worry about replacing outdated information security technologies – something that is constantly and daily evolving – since the continuous updating of SOC tools, such as SIEM, Vulnerability Management, EDR/XDR and even Firewalls, is already provided for in the service contract that involves licensing these tools as a service.”

The Kryptus executive also comments on the typical behavior of cyber attackers targeting the public sector, who generally seek to compromise attributes such as the availability or performance of essential digital services made available to citizens. “This is very evident with the growth of ransomware or denial-of-service (DDoS) attacks, which make it impossible to provide a digital service by making an organization’s data unavailable through encryption in order to obtain financial gain through ransom or impair the response time of a digital service.” Frota also points out that such incidents can be politically motivated, in the case of attacks promoted by hacktivists with the aim of damaging the reputation of government entities, a factor that raises the level of alert regarding cyber threats with the holding of municipal elections in October.

“In such a scenario, it is to be expected that malicious attackers will try to exploit vulnerabilities in the IT environment of government organizations as we approach the election period,” says the executive. As countermeasures, he recommends that defense teams take five reinforcement measures – the so-called hardening – to strengthen the security of IT components and services, such as applications, operating systems, servers, databases, networks and their assets and endpoints:

  • Password/credential management: strengthening passwords to avoid exploitable vulnerabilities typical of credentials, such as default passwords or inadequate (unencrypted) storage of credentials on local disk;
  • User privilege assessment: adoption of the principle of least privilege to ensure that users only have access to what is necessary, thus reducing potential security breaches;
  • Automated updates and patches: automation of the software and firmware update process to mitigate known vulnerabilities and prevent zero-day attacks;
  • Protection of data in transit on the network: implementation of encryption to protect network traffic and data in storage, including encrypted backups outside the production environment;
  • Checking for misconfigurations: carrying out regular audits to identify and correct misconfigurations in servers, routers, firewalls, etc., thus reducing the risk of exploitation by attackers.
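The five measures above lend themselves to a simple, repeatable audit. The script below is an added example written for this article, not code from Kryptus or from any product named here; it runs the checks for default credentials, unencrypted credential storage, unapproved admin roles, stale patching and unencrypted traffic or backups over a constructed host inventory, which is the kind of output a configuration collector would export. Hostnames, accounts, dates, the default-credential list and the 30-day patch threshold are all assumptions made for the example.

```python
from datetime import date

# Hypothetical policy values for the example (not taken from the article).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "toor"), ("admin", "password")}
MAX_PATCH_AGE_DAYS = 30
AUDIT_DATE = date(2024, 5, 6)

# Constructed inventory: one record per host, as a config collector might
# export it. Hostnames, accounts, passwords and dates are made up.
INVENTORY = [
    {
        "host": "portal-web-01",
        "service": "https",
        "tls": True,
        "accounts": [{"user": "deploy", "password": "S3cure!x9Lq", "roles": ["deploy"]}],
        "approved_admins": ["sysadm"],
        "cred_store": "vault",
        "last_patched": date(2024, 4, 20),
        "backup_encrypted": True,
    },
    {
        "host": "router-edge-02",
        "service": "telnet",
        "tls": False,
        "accounts": [{"user": "admin", "password": "admin", "roles": ["admin"]}],
        "approved_admins": ["netops"],
        "cred_store": "plaintext_file",
        "last_patched": date(2023, 11, 2),
        "backup_encrypted": False,
    },
    {
        "host": "db-core-03",
        "service": "postgres",
        "tls": True,
        "accounts": [{"user": "app", "password": "Qm7#vZp2Lr", "roles": ["admin"]}],
        "approved_admins": ["dba"],
        "cred_store": "vault",
        "last_patched": date(2024, 4, 30),
        "backup_encrypted": True,
    },
]


def audit_asset(asset, today=AUDIT_DATE):
    """Return a list of (measure, detail) findings for one host record."""
    findings = []
    # 1. Password/credential management: default pairs and plaintext storage.
    for acct in asset["accounts"]:
        if (acct["user"], acct["password"]) in DEFAULT_CREDENTIALS:
            findings.append(("credentials", f"default credential for user '{acct['user']}'"))
    if asset["cred_store"] == "plaintext_file":
        findings.append(("credentials", "credentials stored unencrypted on local disk"))
    # 2. User privilege assessment: admin role only for approved accounts.
    for acct in asset["accounts"]:
        if "admin" in acct["roles"] and acct["user"] not in asset["approved_admins"]:
            findings.append(("least_privilege", f"user '{acct['user']}' holds admin role without approval"))
    # 3. Updates and patches: flag hosts past the patch-age threshold.
    age_days = (today - asset["last_patched"]).days
    if age_days > MAX_PATCH_AGE_DAYS:
        findings.append(("patching", f"last patched {age_days} days ago"))
    # 4. Data in transit and backups: encrypted service and encrypted backups.
    if not asset["tls"]:
        findings.append(("encryption", f"service '{asset['service']}' is unencrypted"))
    if not asset["backup_encrypted"]:
        findings.append(("encryption", "backups are not encrypted"))
    return findings


def audit_inventory(inventory, today=AUDIT_DATE):
    """5. Misconfiguration check: run the audit over every host."""
    return {asset["host"]: audit_asset(asset, today) for asset in inventory}


def summarize(results):
    """Count findings per hardening measure across all hosts."""
    counts = {}
    for findings in results.values():
        for measure, _ in findings:
            counts[measure] = counts.get(measure, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_inventory(INVENTORY)
    for host, findings in results.items():
        print(host, "OK" if not findings else "")
        for measure, detail in findings:
            print(f"  [{measure}] {detail}")
    print(summarize(results))
```

Run as a scheduled job against a real inventory export, the per-measure summary gives a manager the trend the article asks for (is the backlog of unencrypted services or stale hosts shrinking before the election window closes?), while the per-host detail goes to the operators who fix it.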

“Ideally, information security managers should take the opportunity to adopt concrete hardening measures within the window we have of 150 days or so until the first round of elections on October 6,” Frota concludes.

*** Translated by DEFCONPress FYI Team ***

By admin