Unfortunately, the days of local governments being generally exempt from cyber attacks are gone; many cyber criminals view municipalities and school districts as “low-hanging fruit” in this realm. Low IT budgets, small IT departments, and older systems, applications and equipment all contribute to making our towns and cities easy targets for those who wish to do harm. As local governments look for ways to shore up their cyber security programs and protect both themselves and the taxpayers who depend on them, one method of protection that is quickly becoming state-of-the-art is called adaptive security.
Adaptive security is a proactive approach to continuously monitoring and “staying ahead” of security threats. It is a more dynamic model in which threat monitoring is constant and evolves to keep up with changes in cyber security risks. Central to adaptive security is a city or town continuously anticipating the attack, as opposed to being reactive: hoping one doesn’t occur and then responding to each event as it arises. It is also ever-changing; this is not a “set it and forget it” system like more traditional security prevention techniques, but rather it is about continuous monitoring and security analytics.
Essentially, adaptive security gets the organization “ahead” of the attack; as anyone who has been impacted by a cyber security incident knows, responding to and remediating an attack after the fact can be costly. With adaptive security programs, the municipality anticipates and prepares for the attack before it occurs, which not only makes an attack less likely but also makes the response process, when an attack does occur, quicker, easier to implement and, overall, more effective.
At its heart, adaptive security creates a security “loop” of four stages, which have been identified as Predict, Prevent, Detect, and Respond.
The use of analytics is also elemental to adaptive security and identifying where the greatest risks are. Heuristic analysis tools can be utilized to determine the susceptibility of a system or application towards particular threats and risks. These types of scans can check files or script patterns for any anomalies and notify IT immediately, possibly before an attack causes any damage. The code is then examined for suspicious properties that may exist within new or unknown viruses, as opposed to the traditional model of virus detection in which software/virus scans search for only the already-known or already-existing viruses and malware.
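The contrast between the two detection models can be shown in a few lines. The following is an added example, not code from any particular product: the sample scripts are constructed (they are not real malware), and the rule names, regular expressions and thresholds are assumptions chosen for illustration. A signature check misses a one-character variant of a known script, while property-based heuristics still flag it.

```python
import hashlib, math, re
from collections import Counter

# Constructed samples: a "known" script, a one-character variant of it,
# and an ordinary admin script. BLOB is harmless base64-looking filler.
BLOB = "QWxhZGRpbjpvcGVuIHNlc2FtZQ" * 6
KNOWN = f"powershell -WindowStyle Hidden -EncodedCommand {BLOB}\n"
VARIANT = KNOWN.replace("Hidden", "hidden")
BENIGN = "Get-ChildItem C:\\Reports | Sort-Object Length | Select-Object -First 5\n"

# Signature model: only content whose hash is already on the list is detected.
KNOWN_BAD = {hashlib.sha256(KNOWN.encode()).hexdigest()}

def signature_match(script: str) -> bool:
    return hashlib.sha256(script.encode()).hexdigest() in KNOWN_BAD

def entropy(s: str) -> float:
    # Shannon entropy in bits per character; encoded data scores high.
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

# Heuristic model: look for suspicious properties, seen before or not.
RULES = [
    ("hidden window", lambda s: re.search(r"-w(indowstyle)?\s+hidden", s, re.I)),
    ("encoded command", lambda s: re.search(r"-e(nc|ncodedcommand)?\s+\S{40,}", s, re.I)),
    ("dynamic execution", lambda s: re.search(r"invoke-expression|\biex\b", s, re.I)),
    ("high-entropy blob", lambda s: any(len(t) >= 40 and entropy(t) > 4.0 for t in s.split())),
]

def heuristic_findings(script: str) -> list:
    return [name for name, test in RULES if test(script)]

def is_suspicious(script: str, threshold: int = 2) -> bool:
    # Require several independent findings to limit false positives.
    return len(heuristic_findings(script)) >= threshold

if __name__ == "__main__":
    for label, s in [("known", KNOWN), ("variant", VARIANT), ("benign", BENIGN)]:
        print(label, signature_match(s), heuristic_findings(s))
```
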
One other advantage of adaptive security is its proportionality: as cyber attacks and threats become more sophisticated, adaptive security can be ramped up to manage and mitigate increased or new threats. Conversely, after implementing additional security monitoring tools and controls and assessing the current cyber environment, IT may be able to redirect or “dial back” security measures in areas that are less prone to attack or where the entity may have a higher risk tolerance. Essentially, through monitoring, IT security measures can be placed in the areas that need them most, maximizing IT security effectiveness.
While implementing adaptive security may have a cost associated with it up front for a municipality (such as purchasing and configuring cyber monitoring tools and programs), it is generally going to be less costly than recovering from a significant cyber attack or breach. Having strong IT tools in place to do the monitoring and analysis—which otherwise would have to be done manually by staff—may lead to budget savings, and investing in strong preventative adaptive security measures up front should save a municipality significant funds in the long run.