Government agencies are a prime target for cyber crime. Agencies hold so much diverse data about citizens — from passport information to social care data. In addition, many of them rely on the data security built for their outdated computer systems. So, cyber criminals often view government agencies as an easy mark. More concerning, public-sector groups appear to have a tough time knowing when they’ve been attacked. The IBM Cost of a Data Breach Report 2020 found the public sector lags behind other industries in terms of time to spot and contain data breaches. The global average across all sectors to find a breach is 177 days. Meanwhile, the average in the public sector is 231 days.

This year’s top government security stories include efforts by the federal government to improve data security protections, as well as suggestions for how agencies can bolster their data protection, application security and database security so they can (hopefully) be alerted to (and respond to) attacks faster. Check out our top news from the world of government IT security so far in 2021.

Quick Briefs: Top Government Insights 

5-Minute Read 🕒

What Biden’s Cybersecurity Executive Order Means for Supply Chain Attacks

On May 12, President Joe Biden signed an executive order to modernize cybersecurity defenses and protect federal networks. Among other things, the order forces organizations to consider cybersecurity throughout their supply chain and within their vendors. It covers a wide range of issues, including sharing threat information, public/private partnership and closer teamwork with federal partners. The order puts the onus on the federal government to have at least some duty to data security. It also sets up working groups and takes existing National Institute of Standards and Technology guidelines as formal instructions around some government agencies. Read the full story to find out more about the contents of the executive order. See why attackers are focusing on supply chains and how to better defend against supply chain attacks.

3-Minute Read 🕒

How Biden’s Cloud Security Executive Order Stacks Up to Industry Expectations

In May, Gartner projected that cloud security spending will rise from $595 million to $841 million, an increase of 41.2%, by the end of 2021. In this article, we examine how Gartner’s projections align with the data security efforts in the executive order. Explore the benefits of moving toward a zero trust architecture and deploying an endpoint detection and response solution.

2-Minute Read 🕒

Attackers Launch Cyberattack via U.S. Aid Agency Email Accounts

In May, Microsoft discovered a Russian threat group conducted an email campaign pretending to be the U.S. Agency for International Development. This is also thought to be the group behind the SolarWinds attack. The attackers used Constant Contact, a trusted marketing service, to distribute malicious URLs and malware. In total, they sent it to 3,000 accounts in 150 organizations via phishing emails. When victims clicked the malicious URL, the threat actor attempted to drop a Cobalt Strike Beacon loader. That, in turn, could maintain persistence on the victim’s computer. Read this article to find out more about the attack. In addition, see the data security best practices IBM recommends agencies follow to prevent a similar compromise.

4-Minute Read 🕒

3 Ways to Reduce the Cost of a Government Data Breach

The IBM Cost of a Data Breach Report 2020 found breaches in the public sector averaged a cost of $1.6 million per breach. And although that’s not the highest compared with other industries, each dollar spent is taxpayer money that could be better used. Find out why it takes the public sector so long to discover breaches. In addition, get tips for how to reduce the cost of a government data breach.

More on the Status of Government IT Data Security

In September, the Cybersecurity and Infrastructure Security Agency released its Zero Trust Maturity Model to assist agencies as they implement zero trust. The model complements the Office of Management and Budget’s Zero Trust Strategy. That strategy was designed to provide agencies with a roadmap and resources to achieve an optimal zero trust setup.

In August, the Senate Homeland Security and Governmental Affairs Committee issued a bipartisan staff report reviewing the state of the federal government’s cybersecurity. The news wasn’t good.

The Washington Post reported that President Biden called on the leaders of companies including Apple, Google and JPMorgan Chase. He asked them to do more to respond to threats during a summit at the White House in late August.

“You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity,” Biden told the tech leaders.

More from Government

CIRCIA feedback update: Critical infrastructure providers weigh in on NPRM

3 min read - In 2022, the Cyber Incident for Reporting Critical Infrastructure Act (CIRCIA) went into effect. According to Secretary of Homeland Security Alejandro N. Mayorkas, "CIRCIA enhances our ability to spot trends, render assistance to victims of cyber incidents and quickly share information with other potential victims, driving cyber risk reduction across all critical infrastructure sectors."While the law itself is on the books, the reporting requirements for covered entities won't come into force until CISA completes its rulemaking process. As part of…

Important details about CIRCIA ransomware reporting

4 min read - In March 2022, the Biden Administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency (CISA) to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments.The CIRCIA incident reports are meant to enable CISA to:Rapidly deploy resources and render assistance to victims suffering attacksAnalyze incoming reporting across sectors to spot trendsQuickly share information with network defenders to warn other…

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today