Government agencies are a prime target for cyber crime. Agencies hold so much diverse data about citizens — from passport information to social care data. In addition, many of them rely on the data security built for their outdated computer systems. So, cyber criminals often view government agencies as an easy mark. More concerning, public-sector groups appear to have a tough time knowing when they’ve been attacked. The IBM Cost of a Data Breach Report 2020 found the public sector lags behind other industries in terms of time to spot and contain data breaches. The global average across all sectors to find a breach is 177 days. Meanwhile, the average in the public sector is 231 days.

This year’s top government security stories include efforts by the federal government to improve data security protections, as well as suggestions for how agencies can bolster their data protection, application security and database security so they can (hopefully) be alerted to (and respond to) attacks faster. Check out our top news from the world of government IT security so far in 2021.

Quick Briefs: Top Government Insights 

5-Minute Read 🕒

What Biden’s Cybersecurity Executive Order Means for Supply Chain Attacks

On May 12, President Joe Biden signed an executive order to modernize cybersecurity defenses and protect federal networks. Among other things, the order forces organizations to consider cybersecurity throughout their supply chain and within their vendors. It covers a wide range of issues, including sharing threat information, public/private partnership and closer teamwork with federal partners. The order puts the onus on the federal government to take on at least some duty for data security. It also sets up working groups and adopts existing National Institute of Standards and Technology guidelines as formal instructions for some government agencies. Read the full story to find out more about the contents of the executive order. See why attackers are focusing on supply chains and how to better defend against supply chain attacks.

3-Minute Read 🕒

How Biden’s Cloud Security Executive Order Stacks Up to Industry Expectations

In May, Gartner projected that cloud security spending will rise from $595 million to $841 million, an increase of 41.2%, by the end of 2021. In this article, we examine how Gartner’s projections align with the data security efforts in the executive order. Explore the benefits of moving toward a zero trust architecture and deploying an endpoint detection and response solution.

2-Minute Read 🕒

Attackers Launch Cyberattack via U.S. Aid Agency Email Accounts

In May, Microsoft discovered that a Russian threat group had conducted an email campaign impersonating the U.S. Agency for International Development. This is also thought to be the group behind the SolarWinds attack. The attackers used Constant Contact, a trusted marketing service, to distribute malicious URLs and malware. In total, their phishing emails went to 3,000 accounts in 150 organizations. When victims clicked the malicious URL, the threat actor attempted to drop a Cobalt Strike Beacon loader. That, in turn, could maintain persistence on the victim’s computer. Read this article to find out more about the attack. In addition, see the data security best practices IBM recommends agencies follow to prevent a similar compromise.

4-Minute Read 🕒

3 Ways to Reduce the Cost of a Government Data Breach

The IBM Cost of a Data Breach Report 2020 found breaches in the public sector averaged a cost of $1.6 million per breach. And although that’s not the highest compared with other industries, each dollar spent is taxpayer money that could be better used. Find out why it takes the public sector so long to discover breaches. In addition, get tips for how to reduce the cost of a government data breach.

More on the Status of Government IT Data Security

In September, the Cybersecurity and Infrastructure Security Agency released its Zero Trust Maturity Model to assist agencies as they implement zero trust. The model complements the Office of Management and Budget’s Zero Trust Strategy. That strategy was designed to provide agencies with a roadmap and resources to achieve an optimal zero trust setup.

In August, the Senate Homeland Security and Governmental Affairs Committee issued a bipartisan staff report reviewing the state of the federal government’s cybersecurity. The news wasn’t good.

The Washington Post reported that President Biden called on the leaders of companies including Apple, Google and JPMorgan Chase. He asked them to do more to respond to threats during a summit at the White House in late August.

“You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity,” Biden told the tech leaders.
