No Agency Is Too Small
Today even small government agencies are under attack. How can they defend themselves?
- The dark web and AI tools are enabling attackers to work with unprecedented scale, putting everyone in their crosshairs.
- Government agencies of all sizes now face the same threats once limited to large enterprises targeted by state-sponsored cybercriminals.
- Agencies must adopt practical approaches and enterprise-grade tools to combat these threats.
Back when nation-state threat actors were primarily targeting large government agencies, government contractors, and large companies, security through obscurity was a legitimate strategy. In years past, betting that attackers wouldn’t bother with smaller targets was a feasible way of operating.
It’s feasible no longer.
Hackers are better equipped than ever before, thanks in part to artificial intelligence (AI)-enabled tools and ransomware kits made accessible to virtually anyone via the dark web. This has contributed to increasingly sophisticated attacks against agencies and companies of all sizes—not just the largest ones. Now, observes Jason Rolleston, general manager of Broadcom’s Enterprise Security Group, “They’re going after everybody.”
As the number and scale of attacks intensify, the only way to stay protected is to assume you’re a target. It doesn’t matter how small or low profile you think your agency is—threat actors aren’t discriminating.
While AI is partially fueling the acceleration of attacks by helping attackers do more with less—less time, expertise, and effort—defenders also get an edge. Security teams are already leveraging AI, including tools enabled with Agentic AI, to detect and respond to threats more quickly.
Designing a Dynamic Security Strategy, a new report from Carahsoft, makes it clear that while cyberthreats are evolving, so are the defenses protecting government agencies (and us all).
Evolving tools for the modern defender
The cybersecurity industry has historically designed tools for the most sophisticated users—but that’s shifting. Yes, security tools must be effective. But they also must be accessible to users of varying expertise.
As many security vendors have discovered, the key is to design for the novice and configure for the expert. In doing so, security vendors can create tools that are accessible yet flexible—making it easier for government agencies to gain a stronger security posture, regardless of their security team’s size or skill set.
Securing endpoints is non-negotiable
With 69% of agencies prioritizing endpoint security, it’s clear government teams face many of the same cybersecurity challenges as other organizations. That now goes for agencies at the state and county levels.
Much like the broader workforce, where and how government employees access data and applications has changed. Sensitive data on an unsecured device? That sounds like an attacker’s dream scenario.
That’s why securing network endpoints across laptops, mobile devices, and servers is non-negotiable. Without visibility and control at this layer, agencies can’t fully enforce Zero Trust principles.
It helps to have a unified, intelligence-driven approach to endpoint security that allows you to see and stop more attacks. For instance, the latest and most advanced endpoint protection solutions incorporate real-time endpoint threat detection and response, regardless of device type or operating systems. If SecOps teams can gather and analyze all endpoint data within a single console, agencies can achieve real-time continuous management inside and outside the perimeter, all while streamlining deployments and simplifying asset and patch management.
Unifying threat prevention, detection, and remediation
Government networks are under constant attack. The latest schemes involve stealing legitimate credentials, gaining access to unmanaged devices, and moving laterally across third-party supply chain systems to reach government networks. These attacks are particularly effective because they blend in with users’ behavior patterns and tap into existing applications and tools. Living off the land (LOTL) attacks use otherwise legitimate, “known good” operating system features or tools to mount their attacks.
Responsible for nearly half of all ransomware attacks, LOTL techniques are often difficult and time-consuming to identify and understand within the attack chain. Working under the cover of perceived legitimacy, LOTL attacks commonly include reconnaissance activities, allowing the attack sequence to progress as adversaries prepare to dig their claws in deeper.
Government teams need to adopt a highly adaptive defensive posture—one that brings threat prevention, detection, and remediation all under the same roof. With a unified approach, government agencies can become more proactive in responding to risks and breaches.
Creating a successful data protection strategy
Like most organizations, government agencies continue to adopt cloud technology. Cloud-based apps offer a number of proven benefits, including increased digital capacity, improved collaboration, and optimized service delivery. Despite these advantages, 28% of cloud decision-makers across global agencies cite security and privacy concerns regarding application protection—and their unease is justified.
But cloud convenience often comes with added risk. As data moves across public networks and personal devices, attackers have more opportunities to intercept it. What’s more, many organizations still lack proper discovery, classification, and labeling to prevent careless or unauthorized sharing of data. Cloud apps (and even private data center-hosted systems) are often accessed from unmanaged devices too—leaving users and data even more vulnerable. Whether in the cloud or on-premises, data can be at risk when in motion, in use, or at rest.
To safely harness the advantages of cloud-based applications, agencies need a Data Loss Prevention (DLP) strategy designed for the realities and complexities of cloud and hybrid environments. Protecting data at rest, in use, and in transit requires a combination of policy enforcement, encryption, and continuous monitoring.
Effective DLP solutions secure your most sensitive data without hindering user experience. They seamlessly integrate with cloud providers, protect sensitive data without causing friction, and use advanced detection capabilities to reduce false positives. Bonus: Highly optimized solutions also place guardrails on generative AI platforms—further mitigating data loss.
Whether it’s day-to-day collaboration or large-scale compliance audits, top-tier DLP solutions ensure collaboration and accessibility don’t come at the cost of security. And by bolstering DLP protections with a Zero Trust Network Access (ZTNA) solution, agencies can further protect data no matter how or where it’s accessed, used, or stored.
Gaining control over a fragmented network
Agencies today manage a hybrid mix of on-premises systems, cloud workloads, and remote users. At the federal level, 54% of workers are remote or hybrid, creating fragmented and complex networks. Add in personal devices and supply chain partners, and securing the environment becomes even more daunting. This is critical for government entities, where cloud-related security and its implications for sovereignty and control remain top concerns.
Secure Service Edge (SSE) solutions directly address this by combining multiple protections in a single offering. Recently, SSE reached a groundbreaking milestone when the Symantec security stack was integrated into Google’s Cloud WAN solution, delivering bandwidth up to 100X faster than competitors’ GRE- or IPsec-based connectivity options.
And when it comes to visibility and control, Secure Web Gateway (SWG), a key component of SSE, helps agencies apply security controls anywhere network activity happens. With the right gateway in place, agencies unify critical network protections so security teams see what’s happening and can address threats and other issues more easily. Instead of juggling fragmented tools, IT teams gain unified visibility, simplified management, and consistent policy enforcement at scale.
Securing government networks is no longer just about defending a single perimeter—or hoping attackers overlook your smallish IT environment. It’s about protecting a constantly shifting landscape of users, devices, apps, and data.
To transform the way your agency thinks about security, contact Carahsoft, your local U.S. federal and public sector experts in enterprise-grade security.
Read the full report here.





