Cyber Threat Awareness: Government Agencies

The Internet is without doubt one of the greatest inventions of the 20th century, as no other technology has had such a profound and pervasive effect on all aspects of human life. Often described as the information superhighway, the Internet has revolutionized the way we entertain ourselves, communicate and do business. Among the early adopters of the new technology were government agencies who quickly embraced the concept of using computer networks to achieve higher productivity and better collaboration. One service that has become particularly popular with government agencies is e-mail. Email has brought unprecedented speed, reliability and convenience with which intra- and inter-agency communication could be carried out.

The Internet and World Wide Web are now actively used for delivering government information and services to citizens, a technology known as e-government. E-government may include anything from responding to citizens’ questions via email or web sites to accepting payments for government services over the Internet. The idea of e-government met with positive reaction and that is a definite sign that it is here to stay.

Government agency operation thus greatly depends on the health of its networking infrastructure. Unfortunately, more and more threats have been appearing recently that jeopardize government networks. Some of the most common threats that government agencies face nowadays include:

• Attacks involving email
• Cyber espionage and data leaks
• Vulnerable workstations
• Inappropriate employee network use

Email has always been one of the most basic and yet powerful services available to Internet users. However, as with many technologies created at the dawn of the Internet era, it is largely insecure. Most email systems do not provide any kind of authentication, and it is very hard for users to understand where the message originates from and whether or not the sender is a trusted party. This makes it very easy for attackers to send fake messages or to pretend they are someone else. Email attacks usually follow a common and well-known pattern. Attackers send an apparently genuine email, which is in fact a phishing attempt. The email contains a link to an internet page containing malware, or it contains a malicious attachment. The malware is able to exploit software vulnerabilities to allow the attacker to gain sufficient control over the target. Unprotected email system is therefore a common attack vector for hackers looking for an entry point into a government network. Gaining control over the target computer is usually the first step of the attack as the hacker uses the compromised computer as a foothold for attacking other victims or other machines in the same organization. Usually, the attacker’s ultimate goal is engaging in cyber espionage or gaining access to confidential data.

The problem of data leakage has lately drawn much attention and there is indeed a good reason to be worried. Government agencies collect and store a vast amount of personal information about citizens - social security numbers, bank account numbers, medical records, etc. Leaking this type of data almost always leads to financial or medical identity thefts. While citizens usually trust government agencies, they may be shocked to find out that agencies are not doing enough to protect sensitive data. A recent analysis of data breaches in the US government sector by the security firm Rapid7 found “a steady increase in the number of records exposed” during the last three years. From January 1, 2009 to May 31, 2012 there were 268 reported breaches at government agencies that exposed more than 94 million records containing personally identifiable information. The Rapid7 report concludes that these breaches resulted from cyber-attacks, weaknesses in information security controls, and not protecting data on portable devices.

The chain is only as a strong as its weakest link and quite often networked workstations are that proverbial weakest link in an agency security system. While servers usually get all the attention from network administrators, a typical workstation may lack an antivirus or even a firewall. Workstations are much more prone to be infected with a virus because of curious users who would download content from unknown sources and launch suspicious files for execution. Workstations often contain sensitive data and, if compromised, serve as a foothold for further exploitation of the agency network.

Last, but not least there is a problem of inappropriate employee activity and network use. Employee Internet abuse, which is informally known as cyberslacking, is recognized as a productivity threat by private businesses and government agencies alike. Cyberslacking refers to the activity in which an employee uses their Internet connection for personal purposes for excessive amounts of time. The Aberdeen Research Group report indicates that employees squander anywhere from 30 minutes to three hours a day on nonwork-related activity. According to Websense, a US-based company specializing in web filtering software, “During the nine-to-five workday: 70% of all Internet porn Traffic occurs; 30% to 40% of Internet surfing is not business-related; more than 60% of online purchases are made”. Employee misuse of the Internet not only robs the employer of paid work, but also increases the risk of data leaks and virus infections.

With a lot of security threats to worry about, government agencies need a solution that can secure their networks. Here at Smart-Soft we have developed a solution that addresses and effectively solves all of the outlined security threats. Its name is Traffic Inspector.

Traffic Inspector is Microsoft Windows-based software for network security and access control. Traffic Inspector gives our customers an unprecedented control over network security, web access, and traffic analysis, while protecting them from malicious web and email activity. The product includes a plethora of tools to manage home and office networks, including a secure firewall, web access rules, a spam filter, a traffic shaper, traffic prioritization settings, and extensive logging and reporting functions.

Traffic Inspector features SMTP Gateway to protect against email and phishing attacks. Integrated SMTP Gateway is designed to serve as a front-end to an organization mail server and filters out spam and unwanted email. Plugins like Web WOT and Phishing Blocker block unsafe and phishing web sites by leveraging WOT reputation and Google Safe Browsing services respectively.

Our unique and certified security solution protects your networks against data leakage by allowing administrators to implement effective Internet access policies. With Traffic Inspector, you control traffic that enters and leaves your network.

Traffic Inspector deploys a multi-layer network security system. It provides firewall protection against external network attacks and the Flood Mitigation system blocks users generating excessive network traffic on your internal networks. When using a Kaspersky Gate Antivirus plugin, Traffic Inspector can inspect web and email traffic and block malware from entering your network.

Traffic Inspector helps fight against cyberslacking. With our solution you can track user activity and pinpoint employees who are abusing their Internet access. Traffic Inspector improves employee productivity by blocking social media sites, entertainment sites, on-line games, music and video content.

To sum up, there is a great need for governments to take action to protect citizens and their sensitive information. While governments are busy conducting cyber security researches and formulating strategies, government agencies have to react quickly to the ever-changing landscape of security threats. Traffic Inspector provides protection when it matters most. Start using Traffic Inspector today and secure your network.