Web browsing in a zero-trust world

 


Remote browser isolation protects users by moving all web-based activity to a disposable cloud container.

The drumbeat of daily cyberattacks on state, municipal and local government agencies is enough to strike fear into public-sector employees and the citizens who depend on the services they provide.

Within the first six months of this year, more than 22 governments have reported ransomware attacks, including Albany, N.Y., Riviera Beach, Fla., Augusta, Maine and the state of Utah. There was also the high-profile ransomware attack on Baltimore, an attack on Georgia's Judicial Council and Administrative Office of the Courts and a successful business email compromise attack on the Virgin Islands Police Department. 

By the time this article goes live, the list will have, without doubt, grown longer. Government systems are attractive targets because they manage large troves of information that can be sold on the darknet. Additionally, tight budgets may mean that agency information security teams are understaffed and behind on the latest approaches, such as threat modeling and zero-trust security. Whatever the cyberattack endgame, it’s critical for government offices to recognize the risk of cyberattacks and put policies and procedures in place to mitigate (if not eliminate) them. 

So what should agencies do if they are compromised? And more important, how can they avoid becoming the next victim of a cyberattack?

Agencies often receive conflicting advice on cyberattack response. Law enforcement officials insist that ransoms generally shouldn’t be paid, while security consultants, charged with helping clients reclaim control of their systems and data, often advise payment as the fastest, least expensive way to get up and running.

Unfortunately, ransom payments don’t always come with guarantees, and recovery is rarely complete. Some malware, like NotPetya, claimed to be ransomware but actually wiped systems clean of all their data, a lose-lose scenario. Even in cases when the hackers do (so to speak) act in good faith and hand over the key, systems must be rebuilt to ensure that all ransomware is removed. So even when organizations pay ransom, they still bear costs for re-creating or remediating their systems.

How to avoid becoming a cyberattack victim

To combat the threat of cyberattacks, government information security departments must identify and remediate cybersecurity weaknesses. They can strengthen defenses to prevent breaches, data theft and extortion with the following approaches:

Invest in IT staff and defensive technologies. It’s a given that government entities are hard-pressed to fund all the services they must provide. As a result, IT departments tend to be underfunded, underequipped and understaffed -- a big reason why hackers love government agencies. However, compared to the sums agencies may spend on ransoms and attack recovery -- Baltimore's tab is up to $18 million -- additional staff and up-to-date solutions are wise investments.

Conduct training and testing. By educating staff to identify and carefully examine suspicious emails and links before clicking, government entities can limit, if not entirely eliminate, successful phishing and business email compromise attacks.

Practice asset management. Significant personal data is housed in government systems, which makes accurately inventorying all assets and data a critical first step toward protecting data. Limiting access to the full library of assets to a few carefully chosen employees is also important.

Adopt cybersecurity best practices. Data breaches often result from mistakes that are all too obvious in retrospect. By following best practices such as internet isolation, agencies can protect sensitive systems and data while empowering employees to freely browse the sites that they need to get their work done.

Zero-trust security for government cyber protection

Organizations that lack sufficient resources for optimal IT staffing and a full, state-of-the-art security stack should implement the cybersecurity best practices that effectively address the most pressing threats, within budgetary limitations. Applying zero-trust precepts to the challenge is one way agencies can work toward ensuring that users, networks and data are secure and protected.

The zero-trust concept -- trust no one and verify everything -- revolutionizes cybersecurity. Agencies can avoid many cyberattacks if they assume that no element -- whether internal or external -- can be automatically trusted as secure without verification. Web browsing, however, creates a zero-trust conundrum because the internet clearly cannot be trusted, but it cannot be verified either.

Zero-trust proponents have suggested whitelisting trusted sites while blocking access to all other sites. While (usually) safe, limiting access to all but known-to-be-needed sites decreases productivity and often frustrates employees. It creates hurdles for users and is burdensome for IT staff. Users must request access and wait while IT staff members shift their attention from more important tasks to consider, examine and respond to user requests.

Zero-trust web browsing

Implementing a secure browsing solution is a highly cost-effective way to prevent attacks via today’s most virulent and widely used threat vectors. Remote browser isolation (RBI) operates under the assumption that nothing on the web is to be trusted. Every website, content item and download is suspect. 

With RBI, all browsing takes place remotely on a virtual browser in a disposable container located in the cloud. Users interact naturally with all websites and applications in real time via a safe media stream that is sent from the remote browser to the endpoint browser of their choice. When the user is finished browsing, the container and all its contents are destroyed. No content touches the user device. Users interact naturally with the sites they need, and the help desk doesn’t have to respond to access requests.

Today, the internet is increasingly the prime channel for delivering and accessing government services, making maintaining IT vigilance “priority one.” Staying ahead of the next wave of cyberattacks requires rethinking cybersecurity best practices, technologies and approaches for today’s cloud-based, perimeter-free age.   
