by Nick Kael
Posted on March 21, 2023
The public sector, sometimes perceived as a vertical that is slower to adopt new technologies and IT approaches than private enterprise, has in fact largely switched over to standard corporate tools like SaaS applications, business collaboration platforms, and virtual meeting solutions like Zoom and Google Meet to drive productivity. These apps reduce costs, help manage data and IT functions, and enhance communication and collaboration between employees, external contractors, and constituents. For example, the City of Los Angeles’s 100,000 employees use Microsoft 365, Business France has adopted Salesforce and the European Patent Office conducts opposition hearings on Zoom.
The public sector has also increasingly turned to public-facing private web apps to automate and streamline delivery of government services. “Appifying” services reduces staffing costs while allowing citizens and businesses to accomplish administrative tasks without delay, at their convenience, from home or work.
While use of powerful applications can help streamline government functions and increase efficiency of public service provision, it also entails some significant cybersecurity risks. These include:
Online meeting platforms are valuable productivity tools but they present unique risks, too. Employees may share sensitive information within virtual meetings, in chat, screen shares, or even during video meetings, if physical whiteboards, screens or pages happen to be visible in the background. Also, cyber criminals can gain access to user IP addresses exposed by meeting apps; deliver malware via links in chats; and gather sensitive data as uninvited—and unwanted—attendees. For these reasons and more, many defense agencies bar virtual meeting use.
A significant benefit of web apps is their anytime, from anywhere availability—a contributing factor to their growth during the recent pandemic. But while simplifying access for users working on BYODs and 3rd party contractors is key for enabling remote work, use of unmanaged devices creates grave risks since unmanaged devices lack rigid security controls. As a result, attackers can more easily gain access to those devices and use them to steal user credentials, /or access apps to find data, move laterally through networks, and establish persistence.
SaaS applications are accessible from anywhere with an internet connection. Cybercriminals may gain access via stolen credentials or credential stuffing attacks. Even agencies that follow best practices and require users to sign in with multi-factor authentication are vulnerable to attacks due to relatively new hacking techniques in which session cookies are stolen. In addition to risks of data breach, if user policies are not properly set, hackers may perform unauthorized operations, alter data and permissions, introduce malware or otherwise wreak havoc.
Use of Shadow IT by public sector employees poses a particular risk for government agencies. With workplace and personal apps operating side-by-side in users’ browsers, without proper controls it is simple to copy data from one tab and paste it into another. Whether for innocent (but misguided) purposes, such as continuing work on a project from home, or for malicious purposes, strict controls are necessary to protect sensitive information held by government agencies. This is a particular risk with unmanaged devices, which lack browser controls to limit copy/paste and print functions, and might be infected with keyloggers or other malware.
The advantages of using SaaS applications are clear but public sector agencies must implement ways to secure them. Here are some solutions that can help:
Virtual meeting solutions such as Zoom, Microsoft Teams and Google Meet are complex applications that require seamless integration of multiple functions, including video, audio, chat, and screen sharing. Most security solutions cannot effectively protect these applications.
ZTEdge Virtual Meeting Isolation (VMI) provides isolation-enabled protection for organizations that use Zoom or similar meeting apps . With VMI, meeting functions – video, audio, chat and screenshares – are all isolated within a secure cloud-based environment on the Ericom Global Cloud.
Granular browser controls restrict who can share videos and screens, and which data can be shared. VMI also applies Data Loss Prevention (DLP) controls to prevent confidential information from being inadvertently or maliciously disclosed through screenshares or passed in chats, even chats that are end-to-end encrypted (E2EE).
Additionally, VMI extends isolation capabilities to all meeting participants, not just those within the organization, to prevent unwanted eavesdropping. To protect from malware, malicious links are disabled, even in encrypted meeting chats. To maintain privacy and security, participant endpoint IPs are obscured to prevent network compromise.
RBI (Remote Browser Isolation) solutions can also help protect users from common credential theft methods, such as phishing attacks and keyloggers. By opening unknown sites that may be spoofed or used for credential theft in read-only mode and air-gapping user devices from websites, they block malware from infecting endpoints and networks. RBI prevents malicious actors from accessing user browsers to steal session cookies and thus also protects against new methods of bypassing multi-factor authentication (MFA).
Isolation can also be applied in reverse to protect the public-facing surfaces of government and public sector agency apps. Ericom’s ZTEdge Web Application Isolation (WAI) cloaks app surfaces from threat actors seeking vulnerabilities to exploit, protecting apps from attack and preventing cybercriminals from breaching government systems via their apps.
To protect government networks from the dangers of unmanaged devices, such as those used by contractors and employees’ BYODs, WAI can act as a type of clientless Zero Trust Network Access (ZTNA) solution, applying web-based controls that transform the browser into a crucial control point. From unmanaged devices, users may log in to agency web apps solely via their organization’s dedicated tenant on the Ericom Global Cloud: Logins from any other IP address, even with valid credentials, are simply blocked.
Within the cloud, WAI restricts in-app user access and activity based on security posture elements including user identity or group. Isolation is applied to ensure that any malware that is present on user devices cannot reach SaaS or private agency apps. Additionally, WAI restricts data capture functionality, such as clipboarding, printing, and downloading, and provides visibility into user access to SaaS apps.
Isolation-based solutions—both RBI and WAI—go a long way to addressing the risks of shadow IT. By combining, policy-based controls of browser functionality and in-app activity with DLP restrictions on what can be shared and uploaded to instant messaging apps or private accounts, Ericom ZTEdge solutions protect agency assets without imposing the kinds of IT restrictions that inconvenience users.
To learn more about protecting your public sector agency’s digital assets and apps from malware, ransomware, phishing and breaches, download our free “To Secure the Public Sector from Cyberattack, In Zero We Trust” white paper.
Going Bold: Cybersecurity is Not for the Faint of Heart
Ericom's new website features a new design, colors, and logo symbolize the strong protection offered by our cloud-based cybersecurity solutions
New Variant of Credential-Stealing Browser Malware
The new Zaraza bot successfully decrypts encrypted user credentials stored in browsers and exfiltrates them to Telegram servers for purchase by aspiring cybercriminals.
With AI, Even Amateurs Can Create Sophisticated Malware
Despite good faith attempts at building in guardrails, generative AI platforms have been successfully coaxed to create undetectable malware.