WP 2021 PublicSectorSurvey

This report analyzes a survey of 200 government cybersecurity professionals on trends in 2021. Key findings include:
- Respondents believe recent government policies will boost cybersecurity and view privileged access management (PAM) as important.
- Remote work vulnerabilities and fileless attacks are seen as top risks now and in the next 1-3 years.
- Most respondents say their cybersecurity budget is adequate and initiatives like the Executive Order on cybersecurity increase confidence in selecting solutions.


Cybersecurity Trends in Government 2021 Report

2021 REPORT
Cybersecurity Trends in Government
A SURVEY OF EVOLVING SECURITY THREATS IN PUBLIC SECTOR

TABLE OF CONTENTS

Report Highlights
Introduction
Survey Findings
IT Trends in Public Sector
An Evolving Threat Landscape
Shifts in Threat Actors
Responding to the Threat: Mitigations
Basic Cybersecurity Measures
Foundational Cybersecurity Measures
Organizational Cybersecurity Measures
Compliance & Government Programs
Budget Considerations
Key Findings
Privileged Access Management: A Closer Look
The BeyondTrust PAM Solution

Report Highlights

BeyondTrust commissioned a survey of senior federal, state, and local government security professionals across the United States, with 200 responses (83% in management roles).

Recent government policy actions are galvanizing agency cybersecurity improvements
• 82% believe the American Rescue Plan will boost government cybersecurity
• 34% assert improvement will be significant
• 96% say their cybersecurity budget has adequate funding

Perceived cyberthreats are shifting
• TODAY, #1 Risk: Remote worker or contractor vulnerabilities
• 1-3 YEARS, #1 Risk: Fileless attacks

PAM is ranked a top security control today and will grow in importance with emerging government programs
• 61% consider PAM extremely or somewhat important today
• 71% of respondents expect PAM to maintain or increase its level of importance within 1-3 years

Cyber fears may have peaked – the future looks brighter
• Positive impact of federal initiatives such as the Presidential Executive Order on Improving the Nation’s Cybersecurity and the American Rescue Plan
• Increase in cybersecurity funding, and the confidence to select the right solutions
• A subsiding pandemic that will relieve many IT and security stressors

Introduction

Public sector IT teams are embracing digital transformation and cloud services to support more agile, productive, and cost-effective operations, while better serving constituents. The pandemic accelerated the work-from-home movement, and now many organizations have recognized the benefits of workplace flexibility and intend to keep it, in some form, as part of their permanent operating model.

While these modernization initiatives have improved productivity, they have also accelerated the demise of the traditional computing perimeter and create considerable challenges for cybersecurity teams. New security risks are being introduced, expanding the attack surface, and creating new planes of privileges and vulnerabilities for adversaries to exploit.

A tsunami of industry-shaking cyberattacks rolling through 2020 and early 2021 starkly exposed how national safety can be imperiled and large parts of society disrupted by breaches and their fallout. Over 250 agencies and organizations were impacted by the SolarWinds supply chain attack alone.

Under increasing pressure to respond to these mounting cyber threats, the White House issued an Executive Order (EO) on Improving the Nation’s Cybersecurity, on May 12, 2021. The EO has highlighted the crucial need, and galvanized the push, to rapidly improve national cybersecurity.

Without question, cybersecurity is now a U.S. national security priority.

Public sector organizations bear a special responsibility to protect highly sensitive government and citizen information.

To better understand what keeps public sector professionals up at night, and how they are responding to evolving threats and new mandates, BeyondTrust commissioned a survey of senior federal, state, and local security professionals across the United States.

Survey respondents were asked about security trends, concerns, threat actors, and technology priorities—both now and in the future.

Survey Responses
Across senior federal, state, and local security professionals, n = 200

By sector:
• Local: 27%
• Federal & Civilian: 26%
• State: 27%
• Federal DoD: 20%

By role:
• Security Director: 33%
• IT Manager: 19%
• IT Supervisor: 14%
• SecOps: 12%
• CISO: 8%
• CIO: 7%
• CTO: 5%
• IT Dir.: 3%

Survey Findings

IT Trends in Public Sector

The survey ranked the level of concern of security trends, both today and in the near future (next 1-3 years), and the shifts are intriguing.

Today, work-from-home initiatives (cited by 54% of respondents), cloud adoption (38%), and increased use of IoT (40%) in the public sector each are amongst the most concerning IT trends to our survey participants.

However, looking ahead 1-3 years, concern about work-from-home initiatives and cloud adoption both fall by almost half, while concern about IoT also dwindles. These decreases may indicate that IT security leaders feel confident they have identified the measures to better manage these risks.

On the other hand, artificial intelligence (AI) / machine learning (ML) jumps from #5 today (37% of respondents) to the top security concern 1-3 years from now, with half of respondents (50%) rating it as a somewhat or extremely high level of future concern.

This shift may reflect the perspective that AI is rapidly coming of age, and organizations lack the tools or know-how to effectively mitigate AI-powered threats.

Threat actors are increasingly incorporating AI/ML capabilities to better weaponize everything from spear phishing to malware that more effectively evades sophisticated detection technologies. Moreover, as public agencies look to wield machine learning technologies themselves, it’s important to have the right security controls, implemented correctly, to ensure the technology is not corrupted, misused, or used against them.

Finally, concern around blockchain holds steady at #2 across both time periods surveyed, while increased use of agile technologies (39%) and quantum computing-based threats (35%) both landed on the top 5 future concerns list.

Over the next three years, the trends concerning security professionals change substantially as automation, modernization, and digital transformation redefine current processes.

Top 5 IT Trends

Today
1. Increase in WFH or remote work: 54%
2. Blockchain: 48%
3. Increased IoT: 40%
4. Adoption of cloud: 38%
5. Artificial Intelligence / Machine Learning: 37%

In 1-3 Years
1. Artificial Intelligence / Machine Learning: 50%
2. Blockchain: 45%
3. Increased use of agile development methodologies: 39%
4. Quantum computing-based threats: 35%
5. Increased IoT: 32%

An Evolving Threat Landscape

Survey respondents were asked about the threat landscape, and how they expected it to change over time.

While none of today’s Top 5 threats are surprises, it’s worth noting that disinformation may be a more salient concern for the public sector as opposed to the private sector. In recent years, disinformation campaigns have been wielded to threaten the integrity of government agencies, officials, and initiatives, as well as elections.

However, looking ahead 1-3 years from now, ransomware, phishing/social engineering, and disinformation fall out of the Top 5 and are supplanted by distributed denial of service (DDOS), third-party software vulnerabilities, and Internet drive-by vulnerabilities.

Notably, fileless attacks leapt from the #5 ranked concern to the #1 concern over the 1-3 year period.

While rankings shifted significantly over time, it’s notable that the future concern for every single threat decreased, though it varied by type of threat.

For example, concern for remote worker or contractor vulnerabilities declined by more than half (to 35%), while ransomware concern fell by almost two-thirds (to just 21%).

Overall, public sector security professionals seem confident that they will make progress mitigating today’s biggest threats over the next three years.

Top 5 Cybersecurity Threats

Today
1. Remote worker or contractor vulnerabilities: 65%
2. Ransomware: 61%
3. Phishing/social engineering: 60%
4. Disinformation: 57%
5. Fileless attacks: 57%

In 1-3 Years
1. Fileless attacks: 35%
2. DDoS: 31%
3. Remote worker or contractor vulnerabilities: 29%
4. Third-party software vulnerabilities: 29%
5. Internet drive-by vulnerabilities: 28%

Shifts in Threat Actors

Different threat actors have different motives.

While some threats (i.e., end-user or administrator mistakes) are essentially “motive-less,” understanding the different types of attackers can enable organizations to effectively invest in and prioritize the right cyber defenses.

Insider threats have long ranked as a top concern for cybersecurity professionals. The Forrester Predictions 2021 Guide asserts the remote workforce trend will continue to drive a significant increase in insider data breach threats.

Our survey found that insiders are far and away the top cybersecurity concern for public sector infosec leaders today. Ill-intentioned insiders rank as the #1 concern (67% of respondents), with mistakes by insiders resulting in security incidents (55%) the #3 highest concern. Concern for external threat actors (57%) came in at #2, just a little ahead of insider mistakes.

What is fascinating is that, when looking ahead 1-3 years from now, cybersecurity professionals indicate much less concern about all insider-related risks, as well as the general category of external threats.

While concern for nation-state actors and organized crime bad actors also decreases when looking ahead, these threat actor categories still rise to the #1 and #2 spots. Overall, respondents seem less optimistic about their ability to tackle nation-state actors and organized cybercriminals in the future. This is most likely due to the sophistication, and sometimes novel nature, of attacks waged by nation states and organized crime.

In 2021, these attacks were relentless. The SolarWinds breach, attributed to the Russian spy agency SVR, used a routine software update to slip malicious code into Orion's software. The sophisticated attack went undetected for months and was used as a vehicle for a massive cyberattack that affected thousands of customers.

The Colonial Pipeline breach by the cyber-criminal gang DarkSide is another glaring example of nation-state actors taking advantage and targeting critical infrastructure. The ransomware attack took 45% of the U.S. East Coast fuel supply completely offline as Colonial had to shut down its entire network to mitigate the breach.

The re-shuffling in ranking of most concerning threat actors likely reflects the increasing prominence of nation-state attacks initiated by foreign governments such as North Korea, Iran, and Russia.

These entities are often highly resourced, persistent, and motivated, and may target countries and companies with attacks like military espionage, or disinformation campaigns that can polarize or mislead the public.

Top 5 Threat Actors

Today
1. Malicious insiders: 67%
2. External bad actors: 57%
3. Accidental insiders: 55%
4. Nation-state bad actors: 52%
5. Organized crime: 52%

In 1-3 Years
1. Nation-state bad actors: 36%
2. Organized crime: 32%
3. External bad actors: 21%
4. Malicious insiders: 15%
5. Accidental insiders: 12%

Responding to the Threat
MITIGATION STRATEGIES

Now that we have a picture of what cyberthreats are most concerning to the public sector, let’s shift our focus to what public sector security professionals are doing to combat cyber threats.

Survey respondents were asked to rate the importance of 21 cybersecurity measures today, and also indicate whether those measures would increase or decrease in importance to them over the next 1-3 years.

Cybersecurity measures were categorized into three groups:

1 BASIC
• Inventory & Control of Hardware Assets
• Maintenance, Monitoring & Analysis of Audit Logs
• Inventory and Control of Software Assets
• Continuous Vulnerability Management
• Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers

2 FOUNDATIONAL
• Data Protection
• Data Recovery Capabilities
• Privileged Access Management
• Secure Configuration for Network Devices
• Secure Remote Access
• Email & Web Browser Protections
• SecDevOps
• Limitation and Control of Network Ports, Protocols, and Services
• Network & Wireless Access Control
• Account Monitoring & Control
• Malware Defenses
• Boundary Defenses

3 ORGANIZATIONAL
• Implement Security Awareness & Training
• Application Software Security
• Penetration Tests & Red Team Exercises
• Incident Response & Management

These categories and security measures roughly mirror those found in The Center for Internet Security (CIS) Top 20 Critical Security Controls.

Note that the CIS recently simplified their list of controls to 18 in version 8.

1 Basic Cybersecurity Measures

Two of the top three most important current measures cited involved the inventorying of assets. Inventory of (and control of) hardware assets (74% of respondents) came in at #1, with inventory and control of software assets (56%) at #3. Asset discovery and categorization is usually a necessary first step to securing corporate resources and eliminating blind spots that could provide a backdoor for attackers, so it makes sense to see these measures at the top.

In the #2 spot is maintenance, monitoring, and analysis of audit logs (63%), with the majority (53%) expecting it to remain just as important or increase in importance in 1-3 years. Audit trails help organizations comply with government regulations and other mandates. Monitoring and auditing capabilities provide oversight of user activity, helping alert to real-time threats, and also assist with forensics, if needed.

Auditing and monitoring of privileged sessions is particularly important as those sessions reflect the most sensitive access and most powerful capabilities, with the highest damage potential, if misused.

Continuous vulnerability management sits in the 4th spot, with 52% of respondents rating it as important to them today. For decades, a large percentage of attacks have exploited known vulnerabilities. Prioritizing and patching vulnerabilities remains an effective way to broadly reduce cyber risk and eliminate significant threat vectors, but other measures can help too.

For instance, the Microsoft Vulnerabilities Report 2021 found that 56% of Critical Microsoft vulnerabilities could be mitigated by removing admin rights, a very effective method to close the security gaps.

Looking three years ahead, 53% of respondents expect maintenance, monitoring, and analysis of audit logs to either remain just as important or increase in importance, while 55% indicate likewise for continuous vulnerability management. All other basic security measures were overwhelmingly perceived as being significantly less important in the future. Inventory of and control of hardware assets experienced the most significant drop, with 68% saying it would decrease in importance. This decline could be related to the expanded adoption of the cloud, likely due to the continuation of more assets being outsourced and under management of cloud providers or IT service providers.

Ranking the Importance of Basic Cybersecurity Measures

GROUP 1: Basic Cybersecurity Measures
Columns, left to right: TODAY, ranked somewhat or extremely important; IN 1-3 YEARS, ranked about the same importance; IN 1-3 YEARS, will become somewhat or extremely more important

Inventory & control of hardware assets 74% 15% 33%

Maintenance, monitoring & analysis of audit logs 63% 21% 32%

Inventory & control of software assets 56% 12% 17%

Continuous vulnerability management 52% 24% 31%

Secure configuration for hardware and software on mobile devices, laptops, workstations & servers 47% 25% 25%

2 Foundational Cybersecurity Measures

The top 3 measures most often cited as important measures today, data protection (62%), data recovery capabilities (62%), and privileged access management (61%), stand in a virtual tie, while secure configuration for network devices (58%) and secure remote access land in the #4 and #5 spots, respectively.

Boundary defense, which encompasses traditional perimeter controls such as firewalls, was rated the least important of the 12 foundational security controls. We imagine that 5-10 years back, this would have ranked near the top. However, our increasingly perimeterless world characterized by work-from-anywhere, edge computing, and hybrid environments is reducing the effectiveness of boundary defenses.

Of all 12 foundational security controls, PAM reported the greatest expected increase in importance (40%), and 31% say PAM will remain just as important.

While 71% envisioned privileged access management either staying as important or increasing in importance over the next three years, the #2 spot, data recovery capabilities, trailed far behind, with 56% saying it would stay the same or increase in importance. SecDevOps and data protection followed next, each with 54% of participants citing these measures would increase in importance or stay at the same level. The four measures with the strongest future momentum play particularly pivotal roles in protecting against ransomware attacks, while each also addresses other significant security needs.

The perceived importance of secure remote access, which has vaulted in priority in the remote work era, is evenly split between those who expect its importance to increase or stay the same versus those who see its importance waning in the next 1-3 years. This makes sense as remote working should contract a bit from its pandemic highs. Yet, we expect remote work to remain on an elevated trajectory compared to the pre-pandemic world.

The gulf between the future importance of privileged access management at the top, and the other security controls in the survey only continued to widen down the list. Email and web browser protection are perceived as having the biggest drop in importance (79%) over the next three years, with the next largest drop seen for malware defenses (77%), which comprises such technologies as antivirus/antimalware.

Ranking the Importance of Foundational Cybersecurity Measures

GROUP 2: Foundational Cybersecurity Measures
Columns, left to right: TODAY, ranked somewhat or extremely important; IN 1-3 YEARS, ranked about the same importance; IN 1-3 YEARS, will become somewhat or extremely more important

Data protection 62% 25% 29%

Data recovery capabilities 62% 25% 31%

Privileged Access Management 61% 31% 40%

Secure configuration for network devices 58% 18% 26%

Secure remote access 57% 20% 30%

Email & web browser protections 56% 7% 14%

SecDevOps 56% 17% 37%

Limitation and control of network ports & protocols 53% 21% 25%

Network & wireless access control 53% 19% 34%

Account monitoring & control 52% 24% 27%

Malware defenses 49% 13% 11%

Boundary defenses 41% 23% 27%


3 Organizational Cybersecurity Measures

Within this category, implementing security awareness training was recognized by 77% of participants as important today.

Awareness training is followed by application software security (65%), penetration tests & red team exercises (56%), and incident response & management (50%).

Since there seems to be a shared acknowledgement amongst analysts and security leaders that experiencing a security incident is practically a given at some point, it’s surprising to us that incident response & management (IRM) was not rated as important by half of respondents.

Lack of mature IRM tools and processes can not only make it challenging to contain a breach, but also much more difficult to recover from a breach. IRM process and tools are also important for providing the breach forensics that may be mandated as part of a breach investigation by government organizations and other regulators, partners, or even courts.

The importance across the four Organizational cybersecurity measures was gauged as remaining fairly stable over the next three years, with none of the radical moves we saw in the other sections.

Slightly more than half of survey respondents saw the importance of penetration tests & red team exercises (53%) and expect security awareness training (52%) as staying as important or increasing in importance over the next three years.

On the other hand, slightly more than half of respondents saw the importance of incident response & management (54%) and application software security (56%) as decreasing in importance.

Ranking the Importance of Organizational Cybersecurity Measures

GROUP 3: Organizational Cybersecurity Measures
Columns, left to right: TODAY, ranked somewhat or extremely important; IN 1-3 YEARS, ranked about the same importance; IN 1-3 YEARS, will become somewhat or extremely more important

Implement security awareness & training 77% 13% 24%

Application software security 65% 13% 23%

Penetration tests & Red Team exercises 56% 26% 26%

Incident response & management 50% 36% 24%


Compliance & Government Programs

The 2021 American Rescue Plan is perceived as critical for cyber risk management, with 82% of survey respondents stating the plan will improve cybersecurity, and 34% asserting the plan will significantly improve security.

We also heard from our participants about the importance of various government initiatives today and three years from now, with the most interesting findings featured below.

IT professionals have had a love-hate relationship with compliance initiatives. On one hand, compliance strives to make agency systems more secure, evolve best practices, and uphold agency reputations. Yet the budget, resources and manpower needed to meet these initiatives, on top of regular day to day work, can be daunting.

While 61% say NIST is important to them today versus 18% saying it is unimportant, it’s interesting that 38% of respondents believe the importance of National Institute of Standards and Technology (NIST) policy will increase over the next 1-3 years. NIST has been an established technology advisor for years and is heavily involved in defining policy within the Presidential Cybersecurity EO.

Another noteworthy finding is that 58% of respondents see StateRAMP as important today and 40% anticipate it will increase in importance over the next 1-3 years. StateRAMP is a comprehensive security framework, similar to FedRAMP, designed to improve cloud security for state and local governments. As the move to cloud becomes a common priority across organizations, StateRAMP certainly has reason to catch momentum.

Lastly, 56% of IT professionals see DHS CISA’s Continuous Diagnostics and Mitigation (CDM) program as important to them today, versus 23% who say it is not. Looking ahead, 35% of participants perceive CDM as growing in importance. The CDM program has been a continued focus for federal agencies by delivering cybersecurity tools, integration services, and dashboards that help participating agencies improve their security posture.

Ranking the Importance of Compliance Mandates

Compliance Mandates
Columns, left to right: TODAY, ranked somewhat or extremely important; IN 1-3 YEARS, ranked about the same importance; IN 1-3 YEARS, will become somewhat or extremely more important

NIST 61% 20% 38%

StateRAMP 58% 14% 40%

Section 508/VPAT 58% 23% 29%

CDM 56% 24% 35%

FedRAMP 52% 35% 32%

FIPS 49% 20% 29%

ICAM 47% 25% 25%

CCRI 47% 20% 32%

CMMC 42% 24% 28%


Budget Considerations

As cybersecurity across federal agencies undergoes sharper scrutiny, consensus among the survey respondents seems to be that, at least for now, agencies are armed with the funds and resources they need to address their cyber risk.

In the survey, 56% of respondents said they received more cybersecurity budget than last year, with 13% receiving significantly more budget. Only 13% of public sector security pros experienced a decrease in their cybersecurity budget, year-over-year.

Along with the American Rescue Plan budget, these funds will also be used to support efforts to share information, standards, and best practices with critical infrastructure partners.

The FY2022 budget requests an additional $500 million for the Technology Modernization Fund, an additional $110 million for the Cybersecurity and Infrastructure Security Agency (CISA), and $750 million to recover from the hacking campaign against SolarWinds.

How do public sector security leaders feel about their level of cybersecurity funding? A minuscule 4% of respondents claimed that their security budget was underfunded.

In fact, an overwhelming 96% of respondents stated that their cybersecurity budget is adequately funded.

How Did Your Cybersecurity Budget Change Year-Over-Year?
• Significantly less than last year: 2%
• Somewhat less than last year: 11%
• No change: 31%
• Somewhat more than last year: 43%
• Significantly more than last year: 13%

Biden’s 2022 Fiscal Budget requests $9.8B in cybersecurity funding to secure federal civilian networks and protect the nation’s infrastructure, a $1.2B increase from 2021.

Key Findings
Rose-colored glasses, or reasons for genuine optimism?

Public sector agencies have undergone a period of massive change that expanded the attack surface, and attackers moved quickly to take advantage. Security leaders are marshalling resources, encouraging collaboration, expanding budgets, and providing updated guidance on best practices to meet these threats.

Though public sector IT security professionals are clearly beleaguered by many security concerns, these leaders project a more optimistic outlook about the threat landscape 1-3 years from now.

Government officials have signaled a renewed willingness to aggressively take down cybercriminals – whether run-of-the-mill attackers, or nation-state threat actors.

Is this just a case of rose-colored glasses, or is there genuine reason for this optimism? Our survey reveals four potential drivers of this positive outlook.

4 Potential Drivers of Positive Outlook

1 SECURITY TECHNOLOGIES: The Right Security Technologies Have Been Identified and Are Being Implemented
2 TARGETED INITIATIVES: Government Initiatives Are Taking Aim at Attackers
3 BUDGET PRIORITIES: Appropriate Security Budgets Are (Finally!) Being Funded
4 POST-PANDEMIC: Pandemic-related Stressors Are Subsiding

1 The Right Security Technologies Have Been Identified and Are Being Implemented

Reduced concern about future cyber risks may reflect confidence in the effectiveness of the security measures survey participants are adopting or maturing today, and over the next three years.

At the forefront is Privileged Access Management, already ranked as a top security technology today by our participants, respondents perceive that it will climb in importance more than any of the other 21 security measures surveyed. PAM solutions manage privileges and blend many other capabilities that are also rated highly in importance by participants, such as secure remote access, maintenance, monitoring, and analysis of audit logs, and DevSecOps.

Other top security measures that participants rated as both highly important today, while also gaining in importance over the next few years include:

• DevSecOps
• Continuous vulnerability management
• Data recovery
• Implementing a security training and awareness program

2 Government Initiatives Are Taking Aim at Attackers

New government policies, like the Presidential Cybersecurity Executive Order (EO) and 2021 American Rescue Plan (ARP), pave a concrete path for cyber improvements and are clearly buoying confidence in the ability to address agency cyber risks. That 82% of survey respondents indicate the ARP plan will improve cybersecurity (and 34% assert the improvement will be significant), demonstrates a strong vote of confidence.

The American Rescue Plan is an ambitious effort to modernize and secure federal IT networks by expanding the Technology Modernization Fund (a $9 billion investment to bolster modernization and cybersecurity efforts). The EO holds agencies accountable to meeting guidelines and timelines to keep pace with the evolving threat landscape. The EO is also helping to define what a zero trust architecture (ZTA) means – helping to move the term zero trust from vision to reality.

Advancing the U.S. government towards zero trust principles is well on its way as OMB and CISA launch a Federal Zero Trust Strategy and a Zero Trust Maturity Model.

3 Appropriate Security Budgets Are (Finally!) Being Funded

With most public sector cybersecurity budgets increasing, and a whopping 96% of respondents saying their 2021 cybersecurity budgets have been well-funded, there are valid reasons for wind in the sails of public sector security leaders.

Robust IT security budgets won’t solve everything though; correct implementation of technologies may still be hampered by the ongoing difficulty in finding and training new security team members.

However, it is very encouraging that agencies now have the budget needed to buy and mature high-impact technologies that will address security gaps and improve scalability via automation.

4 Return to “Normal” as the Pandemic Subsides

We believe it’s possible that the unique circumstances wrought by the pandemic have created an era of peak cyber risk, and that security adjustments, while lagging, will soon catch up. Three years from now, absent a global pandemic, IT and security teams can simplify their focus and benefit from a return to some measure of day-to-day predictability.

Caveats

While the findings of this report support an optimistic outlook, cybersecurity processes and technologies must adapt to what attackers are doing in the future, not just what is occurring today. The threat landscape evolves continuously, and attackers are always seeking new weaknesses.

Consider the history lesson of ransomware, a threat whose death has been touted by many security leaders and journalists at multiple periods in its 30+ year history, only to emerge re-invented and more dangerous than ever. In addition, survey respondents noted future threat trends (quantum computing, etc.) for which the challenges could become more palpable the closer they come to reality.

Your own environment and its risks are ceaselessly shifting. Don’t assume your security posture is strong – constantly test it. Assess the state of your attack surface and vulnerabilities via pentesting, red teaming, and other strategies. Unpatched vulnerabilities, default passwords, insecure remote access (such as VPNs used for privileged access or RDP exposed to the Internet), excessive privileges, orphaned accounts, and misconfigurations are just a few common security risks that can give a threat actor that first foothold—or much more.

But most of all, stay vigilant & humble.

Privileged Access Management: A Closer Look

Almost every cyberattack today involves the exploitation of privileges/privileged access—either at the initial point of compromise, or to advance an attack.

Privileged Access Management consists of the cybersecurity strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, endpoints, and systems across an IT environment.

PAM solutions aim to manage, secure, and audit every instance of privileged access – whether by human, machine, employee, or vendor.

NIST, CISA, NSA, and OMB, as well as the top industry analysts, have all highlighted Privileged Access Management as one of the most critical cybersecurity areas.

Survey respondents have corroborated their belief that PAM is highly important today, and will increase in importance more than any other of the top security measures over the next three years.

PAM is integral to secure adoption of today’s digital transformation and modernization initiatives across the government.

Examples include:

Application Modernization

PAM helps secure your application infrastructure, protecting against both compromise and rogue use of applications across your environment. PAM solutions discover and onboard all application accounts and privileges, while also replacing embedded credentials with API calls or dynamic secrets and enforcing rotation, complexity, and other robust password security requirements. These solutions also lock down and segment access to applications and harden applications by removing excessive privileges and restricting app-to-app communications. Moreover, granular application control and context-based protections can be applied to further ensure only legitimate, approved applications are used as well as to prevent native processes from being leveraged in fileless attacks.

Cloud Adoption

PAM is a foundational technology for securing cloud, multicloud, and hybrid environments, and can address 10 of the top 11 cloud threats (“The Egregious 11”) identified by the non-profit Cloud Security Alliance (CSA). PAM solutions continuously discover and onboard cloud and on-premises assets, instances, accounts, etc., and enforce credential security and session monitoring/management best practices—including for control planes. Other important PAM security controls include the enforcement of least privilege, as well as the granular control over applications, commands, files, and scripts to prevent or mitigate errors and malformed/inappropriate commands. The most mature PAM solutions can also enforce segmentation of the cloud environment and proxy remote access to cloud management consoles and compute resources.


DevOps

PAM is an integral part of DevSecOps, and protects tools, identities, and CI/CD workflows, while supporting peak DevOps agility. Some key capabilities of PAM include discovery and onboarding of DevOps assets and accounts, centralized secrets management, enforcement of least privilege, blocking and flagging of inappropriate scripts or commands, prevention of misconfigurations, and the segmentation of development, test, and production systems.

Edge Computing / IoT

PAM solutions can discover and centrally manage (rotate, randomize, enforce strong password security, etc.) credentials for IoT and other devices, and replace embedded credentials with API calls. Fine-grained least privilege and just-in-time access can be enforced across all endpoints and applications. PAM solutions can also secure the remote access connections between edge devices, away from the centralized corporate network, while performing advanced session monitoring that includes screen recordings, indexing of issued commands, and the ability to automatically identify and stop inappropriate activity.

Robotic process automation (RPA)

Whether you are leveraging attended RPA, unattended RPA, or are leaning into a hybrid approach, PAM protects your software robot identities, RPA workflows, and all the data involved. PAM solutions continuously discover and onboard RPA assets, enforce credential and session management best practices, and enforce least privilege across processes, toolsets, and workflows.

Zero Trust

According to a recent IDSA study, 93% of IT security pros say zero trust is strategic to securing their organization, with 97% asserting identity is a foundational component of a zero trust security model. PAM is a necessary component for enabling zero trust environments and architectures and can enforce context-based least privilege in alignment with just-in-time access models – meaning that privilege is limited both in scope and duration. PAM can enforce segmentation and microsegmentation to further limit lateral movement and line-of-sight to corporate resources. Every privileged session is monitored, managed, and audited – whether human, machine, employee, vendor, remote, or on-premises.

Today, agencies are leveraging Privileged Access Management to boost cyber immunity to:

• Malware and ransomware
• Insider threats – both intentional actions and unintentional (i.e., mistakes)
• External threat actors (cybercriminals, nation-state actors, etc.)
• Fileless threats
• Remote access risks

Increasingly, PAM controls are also required by cyber insurers to obtain coverage and get the best rates.

The BeyondTrust PAM Solution

The BeyondTrust Privileged Access Management (PAM) portfolio is an integrated solution set that provides visibility and control over the entire universe of privileges — identities, endpoints, and sessions.

BeyondTrust delivers what industry experts consider to be the complete spectrum of Privileged Access Management solutions.

BeyondTrust is named a Leader in the Gartner Magic Quadrant, as well as a ‘Gold’ Winner of the 2020 ‘ASTORS’ Homeland Security Awards.

The BeyondTrust Solution

ON-PREMISES | CLOUD | HYBRID

• PRIVILEGED PASSWORD MANAGEMENT: Discover, manage, audit, and monitor privileged accounts and sessions of all types
• SECURE REMOTE ACCESS: Secure, manage, and audit remote privileged access sessions for vendors, admins and the service desk
• ENDPOINT PRIVILEGE MANAGEMENT: Remove excessive end user privileges on Windows, Mac, Unix, Linux and network devices
• CLOUD PRIVILEGE PROTECTION: Discover, visualize, and manage entitlements across your multi-cloud infrastructure

BEYONDINSIGHT: DISCOVERY | REPORTING | THREAT ANALYTICS | CONNECTORS | CENTRAL POLICY & MANAGEMENT


Protect against threats, achieve compliance and support your mission with BeyondTrust.

BeyondTrust PAM provides powerful, blended threat protection.

Public sector organizations are leveraging BeyondTrust solutions to:

• Discover, inventory, and categorize all assets and accounts to bring them under management, while also eliminating blind spots and illuminating shadow IT.
• Onboard and manage all privileged credentials and secrets (human and non-human) to protect against password re-use attacks and prevent privileged account compromise.
• Enforce least-privilege across users, applications, endpoints, etc. to drastically reduce the attack surface and minimize lateral access pathways.
• Provide secure remote access for employees, vendors, and service desks – without VPNs – while also enabling agencies to lock down access to cloud, virtual and DevOps control planes and other consoles.
• Apply just-in-time access models to ensure elevated access is only given for a finite period of time and is immediately revoked after the activity is performed, the context has changed, or a certain amount of time has elapsed.
• Prevent execution of errant or inappropriate commands, and alert on such instances.
• Granularly control applications and employ Trusted Application Protection to thwart fileless threats.
• Monitor, manage, and analyze every privileged session, while also providing an unimpeachable audit trail, and the ability to pause or terminate suspicious sessions.


For More Information

Visit our website at www.beyondtrust.com/solutions/public-sector.

Additional Resources

• SOLUTION BRIEF: The Executive Order on Improving the Nation’s Cybersecurity
• WHITEPAPER: Mapping BeyondTrust to CIS Controls 7.1
• RESEARCH REPORT: Malware Threat Report 2021
• WHITE PAPER: The Guide to Multicloud Privilege Management
• SOLUTION PAGE: How BeyondTrust Secures & Enables Digital Transformation
• SOLUTION PAGE: Achieve Zero Trust with BeyondTrust

BeyondTrust is the worldwide leader in Privileged Access Management (PAM), empowering organizations to secure and manage
their entire universe of privileges. Our integrated products and platform offer the industry’s most advanced PAM solution,
enabling organizations to quickly shrink their attack surface across traditional, cloud and hybrid environments.

The BeyondTrust Universal Privilege Management approach secures and protects privileges across passwords, endpoints,
and access, giving organizations the visibility and control they need to reduce risk, achieve compliance, and boost operational
performance. Our products enable the right level of privileges for just the time needed, creating a frictionless experience for
users that enhances productivity.

With a heritage of innovation and a staunch commitment to customers, BeyondTrust provides solutions that are easy to deploy,
manage, and scale as businesses evolve. We are trusted by 20,000 customers, including 70 percent of the Fortune 500, and a
global partner network.

beyondtrust.com
V2021_10_ENG
