Top 3 Cybersecurity Threats for Governments


1. Continued Growth in the Digital Attack Surface

As organizations adopt new technologies and operating patterns, malicious cyber actors become more inventive and discover new ways to exploit them. The remote environment provides ample opportunity for malicious actors to gain a foothold as agencies continue to expand their network infrastructure in order to accommodate work-from-anywhere (WFA), remote learning, and cloud services. Threat actors are increasingly targeting not only the traditional core network of an organization, but also “anywhere” environments across the extended network, including assets that may be deployed across multiple clouds, each with a different set of security policies and capabilities.

Zero-trust policies and architectures should be implemented as soon as possible by government agencies. As a result, the organization can better protect its data and support a ‘work anywhere’ approach, where users, data, and devices connect in increasingly innovative and non-traditional ways.

Furthermore, software-defined networking (SDN) is becoming increasingly common, and SD-WAN (Software-Defined Wide Area Network) is becoming increasingly important because it offers organizational flexibility, cost savings, and a better user experience. SD-WAN can offer organizations a wide range of benefits, as well as provide powerful and dynamic segmentation capabilities that restrict intruders’ freedom of movement and keep breaches to a smaller portion of the network.

2. Increasing number of OT attacks

The General Services Administration has announced that it wants to deploy smart energy technology in all of the 10,000 buildings it manages for the Federal Government by 2025. As green building technology and building automation become more popular (‘smart buildings’), the need to secure operational technology (OT) within government organizations’ digital environments will increase. Some attacks have taken advantage of the convergence of IT and OT networks to compromise IT networks through OT devices and systems within the office and even via Internet-of-Things (IoT) devices implemented within the home networks of remote users.

Since networks are becoming increasingly interconnected, virtually any point of access can be targeted in an attempt to gain entry to the IT network. Many OT and IoT devices lack strong security and cannot be upgraded or patched, forcing organizations to be nimble and adopt methods such as virtual patching of such headless devices.

Given the sophisticated and often clandestine nature of the attacks directed against them, government agencies should consider the use of deception technology to help an organization discover intruders and impede their movement. It helps conceal sensitive and critical assets behind a fabricated surface, which confuses and redirects attackers while revealing their presence on the network.

Studies also suggest that, if an agency deploys deception technology, it doesn’t need to use it everywhere to reap the benefit — much as a home security sign both deters intrusion and affects how any would-be burglar proceeds if they do proceed to try to break in.

3. Increased use of artificial intelligence by malicious actors

The rise in deepfake technology should be of growing concern to both public and private sector organizations. It uses artificial intelligence (AI) to mimic human activities and can be used to enhance social engineering attacks.

Phishing continues to be a serious problem for the government, with many employees continuing to work remotely and rely on email to conduct business. Look for malicious actors to steal not only a user’s identity and address book, but also the contents of their email inbox and outbox.

Advanced technologies like Fortinet’s endpoint detection and response (EDR) can help by identifying malicious threats based on behavior, either of any executable code associated with that email (by running it in a virtualized sandbox), or based on malicious characteristics fed to the EDR engine from other sources of cyber threat intelligence. The speed of attacks is increasing, and EDR coupled with actionable and integrated threat intelligence can help agencies defend against threats in real time.


Government agencies provide essential services and hold valuable data that citizens and partners rely on them to secure on their behalf. Government networks are targeted both by persistent and sophisticated actors and by criminals seeking easy gains.

In order to enhance cybersecurity and vulnerability management in government networks, it is imperative that agencies embrace Zero Trust security principles and implement EDR and deception technology. Threat actors and their attack methods are getting faster and more sophisticated, but by pursuing an integrated and automated approach to visibility and control, governments can better secure their assets.

As these assets are placed in different locations, the users and devices that require them are changing as well. Agencies must provide connectivity and security for on-premises computing, in the data center, in the cloud or at the edge. Smart planning, doing the cybersecurity basics, and leveraging the increasing convergence of networking and security are keys to ensuring that organizations can operate efficiently and securely.