Arming Against Attack: Three Strategies to Impede Foreign Hackers

By Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

Here’s an interesting article on defending against foreign hackers. If you give an IT pro the right training and tools, there’s no question that they’ll be better prepared.

Cybersecurity has become a hot topic of conversation. From Facebook to DHS, both private and public organizations have become extraordinarily cognizant of the potential threats posed by external hackers.

Last year, Director of National Intelligence Dan Coats sounded the warning bells. In his Worldwide Threat Assessment of the U.S. Intelligence Community, Coats wrote:

“The potential for surprise in the cyber realm will increase in the next year and beyond as billions more digital devices are connected—with relatively little built-in security—and both nation states and malign actors become more emboldened and better equipped in the use of increasingly widespread cyber toolkits.”

Meeting these challenges may be difficult, but not impossible.

By focusing on people, technology, and planning, federal network administrators may get a better handle on their networks, while strengthening security policies that can keep the bad actors at bay.

Hire the Right People, and Train the Ones Already in Place

Hackers are smart. They learn from being deterred.

It’s extremely important that agency personnel are continually trained about hackers’ latest exploits. This knowledge can be critical to detecting and reacting to potential threats.

Agencies should make investing in ongoing security education and training a top priority.

IT teams should also proactively use and scour all resources at their disposal—including social media channels, networking groups, and threat feeds—to keep up to speed on hacker activity, malware, and more.

Arm Employees With the Proper Tools

Today’s defense agencies are dealing with massive amounts of data, thousands of connected devices, and private, public, and hybrid cloud infrastructures. Manual monitoring approaches and traditional tools will likely be ineffective in these environments.

Effective federal security and network monitoring go hand-in-hand with solutions that can automatically scan and respond to potential anomalies, wherever they may be. For example, if an application becomes compromised, it can be difficult to trace the problem back to its source, particularly if that application exists within a hybrid IT environment.

Teams need tools that provide deep visibility into the entirety of their networks, so they can locate and quickly correct the issue before it becomes a critical problem. Agencies also need a means of tracking devices as they appear on their networks. If a rogue or unauthorized device attempts to access the network, administrators can track it directly to its user.

That user could be a member of a foreign hacking group, or a bad actor who obtained a DoD employee laptop that may have been erroneously left behind. Without the proper tools in place, there may be no way to know, and certainly no way to immediately block the device or shut down network access privileges.

Develop—and Continuously Update—Security Strategies

A strategy shouldn’t simply be bullet points in an email, but a well-formulated plan that outlines exactly what steps should be taken in case of a breach.

The security strategy should also be continually updated. Threats do not stand still; neither should security plans.

In addition to their daily checklist of action items (log reviews, application patching, etc.), IT teams should plan on testing and updating their security procedures on a regular cadence—annually, at minimum, if not more frequently.

By building a powerful combination of the right people, the right tools, and the right strategies, defense agencies will be well equipped to combat these new threats.

Find the full article on American Security Today.


  • If you think about it, it's a lot cheaper to place safeguards in place and take the time to do so than to pay to clean up a breach. On average, records taken during a breach are about 121,000. And, depending on the industry, it can cost from $75-$408 per record to put things back to normal. Read more about the cost of a breach here: https://loop1.com/blog/cyber-security/

  • While this is a rehash of what has been a thing in the private sector for quite a while now...

    A takeaway that was not mentioned is that many hackers can devote many more hours a day than your typical IT employee.

    Think of it like that dog you have that is always finding a way out of the fenced yard. The dog has all day to work on the problem while you don't... thus they can find exploits as fast as you can block the ones that have been found.

    So regardless of training and tools we are always behind the curve and must be mindful of that and therefore must be ever vigilant in our duties.

  • This is so true.  Thanks for the post.

  • Train, Tools and Tactics. (Sorry, had to alliterate)

    Training often gets neglected because staff is always learning by doing. I've always come out of training with a better understanding of the products studied and a renewed excitement to use that product.

    Tools are important in every job and the quality of the tool contributes directly to the quality of the outcome.

    Tactics, I used to hate meetings, OK, I still do when the meeting is for the sake of meeting. But good, useful, efficient meetings are vital to a well-functioning team. As the team strategizes and plans, things come together and people work better.
