A new cyber threat is on the rise, targeting public entities through encrypted attacks. The widespread use of hypertext transfer protocol secure (HTTPS) for web data encryption has given a false sense of security. While encryption protects sensitive information, cybercriminals are now using it to conceal their malicious activities. In fact, around 86% of all cyber threats are now delivered over encrypted channels.
The Cybersecurity and Infrastructure Security Agency’s (CISA) Binding Operational Directive (BOD) 18-01, which mandated HTTPS for the Federal government, has led to increased web protection. However, it has also posed challenges for security teams in monitoring and preventing attacks on perimeter-facing systems and applications.
A recent report by the Zscaler ThreatLabz research team has revealed an alarming 185% increase in encrypted attacks targeting the government sector. This demonstrates the growing sophistication of cybercriminals who are leveraging encryption and emerging technologies like artificial intelligence (AI) to optimize their threats.
Government agencies face the dual challenge of modernizing their security architecture while still relying on aging legacy systems that are increasingly vulnerable to attacks. To combat the evolving landscape of encrypted threats, government leaders need to comply with the Federal Zero Trust Strategy and adopt a Zero Trust architecture. This approach allows agencies to continually monitor activity and inspect all encrypted traffic.
Traditional security models rely on perimeter defenses, but the Zero Trust approach recognizes that threats can come from both inside and outside the network. By inspecting every request, authenticating every user and device, and assessing all permissions before granting access, a Zero Trust architecture empowers agencies to be proactive, adaptive, and data-centric. It simplifies management and enforces policy across all traffic in a single, operationally simple way.
Gaining deeper visibility into the IT ecosystem is crucial for mitigating risk. All Internet-facing services, including firewalls and legacy technologies like VPNs, present attack surfaces for threat actors. The CISA issued BOD 23-02, which requires Federal civilian executive-branch agencies to either remove such interfaces or deploy a Zero Trust architecture to enforce access control.
Once attackers infiltrate the network, they can move laterally and establish a network foothold. To prevent this, government agencies can utilize micro-segmentation to limit access based on user or entity requirements. By connecting users directly to applications instead of the network, the attack surface is dramatically reduced, and threats can be contained. Granular least-privileged access policies based on application-level awareness, user identities, and device attributes offer better visibility into network activity.
All encrypted traffic must be thoroughly inspected to detect and block cyber threats. A cloud-native, inline proxy-based architecture provides the most effective way to decrypt, detect, and prevent threats in encrypted traffic at scale. Cloud proxies act as intermediaries between users and servers, ensuring secure access to resources while protecting against threats. This architecture eliminates the expense of appliances and scales to evolving traffic demands, reducing latency and improving user experience.
As 95% of web traffic is now encrypted, government agencies must reevaluate traditional security approaches and reduce their attack surfaces. Implementing zero trust governmentwide is critical for a strong cyber posture. Zero trust remains the most important line of defense as cybercriminals continue to develop new means of attack, including encrypted threats. Government agencies must stay vigilant and adopt robust security measures to safeguard their critical data and infrastructure.
