Government budget pressures leave door open for attacks

Tanium predicts ransomware attacks against government agencies will continue in 2021

Posted 16 December 2020 by Christine Horton

The spate of ransomware attacks targeting state and local governments this year indicate further struggle for mission critical agencies in 2021.

That’s according to endpoint cybersecurity company Tanium, which has issued its cybersecurity predictions for the coming year.

“Distributed workforces have impacted the government sector as much as the commercial sector,” said Adrian Beck, AVP of customer success at Tanium. “What makes the Government different in 2021 is the sustained and impactful budget pressure.

“Governments have been thrown into turmoil in 2020, borrowing heavily to execute appropriate COVID-19 response programmes. That may continue in 2021 and, if so, budget pressure will be more intense than ever. IT leaders will need to strip back their spend to the fundamentals, extracting every last saving possible. This could introduce cybersecurity gaps for attackers to exploit.”

While ransomware isn’t going away, 2020 has taught us some important lessons, added Chris Pick, CMO at Tanium.

“Good segmentation and permissions can help to stop ransomware, but there’s going to be a growing focus on having a ‘kill switch’ – something that can shut things down to stop the spread before it locks down your entire environment.

Distributed workforces

The firm also notes how distributed workforces and sprawl of devices are causing IT management headaches, which should be addressed in 2021.

“For years, I’ve been hearing from IT and security leaders about how tool sprawl is adding a huge management burden and resulting in more siloed teams and data,” said Pick.

“2020 exacerbated this challenge and organisations moved to rapidly adopt cloud platforms to better support remote workforces – and were forced to adopt point solutions to manage those individual cloud environments. This is not a sustainable model, and as the dust settles on 2020, there’s going to be a much bigger push to find platform – and environment – agnostic tools that can give security and IT leaders the big picture.”

Beck contends that the concept of Zero Trust will become more important for securing the remote workforce.

“Zero Trust is more important than ever with distributed workforces, BYOD and access to company resources from any device, any network, any time of day. Many traditional security controls are largely irrelevant now,” he said.

“IT leaders will begin to shape an overall Zero Trust framework by looking at the ‘new normal’ and trying to figure out how to apply Zero Trust principles to all combinations of information consumption and all layers of the stack – from users through applications, devices and the network. This will be incredibly difficult to do with reduced control and budget pressures.”