网络安全是攻击者与防御者之间的竞赛。长期以来,政府一直在孤军奋战,而攻击者频繁锁定公共部门实体,在几乎没有阻力的情况下发起具有国家影响的攻击。尽管有建立基准控制的规则和条例,但攻击仍在继续定义日益增长的威胁格局。严峻的现实是,威胁面已经超出了政府能够切实防御的范围。
政府旨在保护的数字基础设施是私营公司的产物。国家自身能够保障的安全有限,这意味着重点必须转向与私营部门的密切合作。为什么理想的防御和进攻态势需要政府更协作的努力?
首先,网络威胁的规模和复杂性在上升。现代网络攻击在频率、规模和成熟度上都高出许多。帕洛阿尔托网络公司发现,在750多个事件响应案例中,87%的入侵针对多个攻击面,从终端和网络到云基础设施、软件服务(SaaS)、应用和身份认证。入侵在连接的系统中横向传播,因此当攻击者可以在同一行动中通过多个切入点转移时,仅防御好一层是不够的。
其次,日常依赖支撑的攻击面正在扩大。现在的攻击已经超出了组织的运作边界,包括云平台、API、供应商和托管服务提供商。这些第三方依赖扩展了攻击面,为攻击者提供了更多利用途径。对远程支持工具的攻破曾使攻击者能够进入美国财政部的多个办公室,这证明了这种威胁的现实性。
Cybersecurity is a contest between attackers and defenders. For far too long, governments have been defending their turf alone while attackers frequently target public-sector entities with little to no resistance, launching attacks with national ramifications. Despite rules and regulations meant to establish baseline controls, attacks continue to define a growing threat landscape. The harsh reality is that the threat surface has grown wildly beyond what governments can realistically defend.
The digital infrastructure that governments aim to secure is a product of private companies. There are limits to what the state can secure on its own, which means the focus must shift to closer collaboration with the private sector.
Let’s take a closer look at why an ideal defensive and offensive posture for risk management should entail a more collaborative effort from the government.
Rise in the scale and complexity of cyberthreats
Modern cyberattacks have gone many notches higher in terms of cadence, scale, and sophistication. Such attacks do not depend on a single vector. Palo Alto Networks found that 87% of intrusions across 750+ incident response cases targeted multiple attack surfaces, from endpoints and networks to cloud infrastructure, SaaS, apps, and identity. Intrusions spread laterally across connected systems, so defending one layer well isn’t enough when attackers can pivot through multiple access points in the same campaign.
Growing attack surface underpinned by everyday dependencies
Years ago, the attack surface felt like an attack on the organization’s operational perimeter. Today’s attacks have moved beyond this perimeter to include the functional elements of any organization, including cloud platforms, APIs, vendors and managed services providers. These third-party dependencies broaden the attack surface, giving cyber attackers more avenues to exploit. A compromise of a remote support tool enabled attackers to access multiple U.S. Treasury Department offices, an example of how third-party access can become the easiest entry point.
Technology ownership controlled by private entities
There was a time when major technology shifts and advancements were a direct outcome of research funded by different government entities. Examples of that include the origins of the Internet, global positioning systems (GPS), solar energy and many others. But things have changed, and it is the private sector that now drives technological advancements. Critical digital infrastructure is overwhelmingly built and operated by private entities, and the government doesn’t have total control over all its operational levers. This demands a change in thinking, requiring them to partner with the private sector to secure the infrastructure on which a country depends.
Cybercrime has gone industrial and is very persistent
Cybercrime is an industry with different specializations, services, tooling, and repeatable playbooks. And this industry is decentralized, meaning arresting
