SonicWall CEO Talks Federal Cybersecurity, Resiliency and Ryuk
Every industry has its own considerations when it comes to cybersecurity.
And then there’s the federal space.
From stringent regulations to the heightened risks associated with failing to secure some of the world’s most sensitive information, there’s no industry where the effects of a cyberattack could be further-reaching — or have the potential to be as devastating.
Due to its long history of working with federal agencies, SonicWall President and CEO Bill Conner has become recognized as an expert in government cybersecurity. He’s frequently invited to share his insight on new trends, advances and threats facing those charged with securing U.S. federal government networks, most recently as a guest on the Federal Tech Talk podcast.
While secure remote work has been a hot topic since the beginning of the COVID-19 pandemic, comparatively little has been said about how this has affected federal departments and agencies. But in his conversation with host John Gilroy, Conner explained that federal agencies have gone through much the same process of looking for ways to secure remote and mobile work.
“Government agencies and departments, whether it’s intel, procurement, etc., are now trying to figure out how to keep the business on, and at the same time, how to keep information protected,” Conner explained.
Despite the sensitive information these agencies deal with, they still have to contend with the same remote work risks as any other industry. Without a means of securing mobile workforces, employees working from home may be connecting to sensitive government data and applications via an unsecured home network or unsecured devices.
“Government agencies and departments, whether it’s intel, procurement, etc., are now trying to figure out how to keep the business on, and at the same time, how to keep information protected.”
“We got very comfortable in work, segmenting our networks and segmenting the security cameras, climate systems and other office IT. But when people go home, they aren’t considering the fact that they have devices such as Alexa, door chimes, home security systems, gaming consoles and even refrigerators that can connect back to their employers’ network,” Conner said.
And all of these new exposure points can lead to a variety of threats. Ransomware, in particular, has been on a steep upward trajectory since the beginning of the pandemic, and attacks against federal, state and local governments in particular have spiked over the past couple years.
“We know federal agencies are defending against hundreds of thousands of ransomware attacks each day, both from people simply trying to gain access and people looking for money,” Connor explained.
And with ransomware in the U.S. up 140% through the first nine months of 2020 (versus only 40% globally), it’s clear that, as cybercriminals step up their attacks on governments around the world, the U.S. government in particular will continue to face an unprecedented barrage of laser-targeted, highly sophisticated attacks.
A portion of this growth is being fueled by Ryuk, a relatively new ransomware strain. Ryuk is dangerous because it’s targeted, manual and often leveraged via a multistage attack (Emotet > Trickbot > Ryuk). In late January 2020, Virginia-based Electronic Warfare Associates (EWA), a well-known U.S. government contractor, was infected with Ryuk ransomware. And just a few months prior to that, Ryuk was implicated in an attack that took down 23 local government agencies in the state of Texas.
Based on SonicWall’s Q3 2020 threat research, since Q3 2019 Ryuk attacks increased a mind-blowing 1,275,245%, representing more than a third of all ransomware attacks recorded by SonicWall thus far in 2020.
As attacks like these continue to increase, Conner says, federal agencies will need to broaden their focus from cybersecurity to cyberresiliency. According to Conner, this means expecting that you’ll eventually be compromised and preparing for it, not just in terms of your security effectiveness, but also the security vulnerability that your infrastructure and supply chain could introduce. That includes an emphasis on securing remote work, which Conner says is less a temporary aberration and more a permanent reframing of what it means to both do business and to secure business.
“The new reality is here, and we have to accept it, embrace it and prepare for it,” Conner said. “This is not a one-time event. When I talk to my friends at the DoD, they get it. It’s never going to go back to the way it was. They have to be more mobile. Businesses change, government is changing, people are changing. So that’s what we’ve got to get our heads around. And knowing that, how do we secure in this new norm, and also ensure privacy?”
To hear the rest of the insights Conner shared, on APT attacks, endpoint security and automation, listen to the full Federal Tech Talk podcast.