Government agencies are a prime target for cyber crime. Agencies hold so much diverse data about citizens — from passport information to social care data. In addition, many of them rely on the data security built for their outdated computer systems. So, cyber criminals often view government agencies as an easy mark. More concerning, public-sector groups appear to have a tough time knowing when they’ve been attacked. The IBM Cost of a Data Breach Report 2020 found the public sector lags behind other industries in terms of time to spot and contain data breaches. The global average across all sectors to find a breach is 177 days. Meanwhile, the average in the public sector is 231 days.

This year’s top government security stories include efforts by the federal government to improve data security protections, as well as suggestions for how agencies can bolster their data protection, application security and database security so they can (hopefully) be alerted to (and respond to) attacks faster. Check out our top news from the world of government IT security so far in 2021.

Quick Briefs: Top Government Insights 

5-Minute Read 🕒

What Biden’s Cybersecurity Executive Order Means for Supply Chain Attacks

On May 12, President Joe Biden signed an executive order to modernize cybersecurity defenses and protect federal networks. Among other things, the order forces organizations to consider cybersecurity throughout their supply chain and within their vendors. It covers a wide range of issues, including sharing threat information, public/private partnership and closer teamwork with federal partners. The order puts the onus on the federal government to have at least some duty to data security. It also sets up working groups and takes existing National Institute of Standards and Technology guidelines as formal instructions around some government agencies. Read the full story to find out more about the contents of the executive order. See why attackers are focusing on supply chains and how to better defend against supply chain attacks.

3-Minute Read 🕒

How Biden’s Cloud Security Executive Order Stacks Up to Industry Expectations

In May, Gartner projected that cloud security spending will rise from $595 million to $841 million, an increase of 41.2%, by the end of 2021. In this article, we examine how Gartner’s projections align with the data security efforts in the executive order. Explore the benefits of moving toward a zero trust architecture and deploying an endpoint detection and response solution.

2-Minute Read 🕒

Attackers Launch Cyberattack via U.S. Aid Agency Email Accounts

In May, Microsoft discovered a Russian threat group conducted an email campaign pretending to be the U.S. Agency for International Development. This is also thought to be the group behind the SolarWinds attack. The attackers used Constant Contact, a trusted marketing service, to distribute malicious URLs and malware. In total, they sent it to 3,000 accounts in 150 organizations via phishing emails. When victims clicked the malicious URL, the threat actor attempted to drop a Cobalt Strike Beacon loader. That, in turn, could maintain persistence on the victim’s computer. Read this article to find out more about the attack. In addition, see the data security best practices IBM recommends agencies follow to prevent a similar compromise.

4-Minute Read 🕒

3 Ways to Reduce the Cost of a Government Data Breach

The IBM Cost of a Data Breach Report 2020 found breaches in the public sector averaged a cost of $1.6 million per breach. And although that’s not the highest compared with other industries, each dollar spent is taxpayer money that could be better used. Find out why it takes the public sector so long to discover breaches. In addition, get tips for how to reduce the cost of a government data breach.

More on the Status of Government IT Data Security

In September, the Cybersecurity and Infrastructure Security Agency released its Zero Trust Maturity Model to assist agencies as they implement zero trust. The model complements the Office of Management and Budget’s Zero Trust Strategy. That strategy was designed to provide agencies with a roadmap and resources to achieve an optimal zero trust setup.

In August, the Senate Homeland Security and Governmental Affairs Committee issued a bipartisan staff report reviewing the state of the federal government’s cybersecurity. The news wasn’t good.

The Washington Post reported that President Biden called on the leaders of companies including Apple, Google and JPMorgan Chase. He asked them to do more to respond to threats during a summit at the White House in late August.

“You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity,” Biden told the tech leaders.

More from Government

NIST’s security transformation: How to keep up

4 min read - One thing that came out of the pandemic years was a stronger push toward an organization-wide digital transformation. Working remotely forced companies to integrate digital technologies, ranging from cloud computing services to AI/ML, across business operations to allow workers to keep up high production and efficiency standards. Now that businesses and consumers have adjusted to the new normal of digital transformation, it is time to develop a security transformation strategy. Coping with the speed of change A constantly evolving tech…

Cyber experts applaud the new White House cybersecurity plan

4 min read - First, there was a strategy. Now, there’s a plan. The Biden Administration recently released its plan for implementing the highly anticipated national cybersecurity strategy published in March. The new National Cybersecurity Strategy Implementation Plan (NCSIP) lays out specific deadlines and responsibilities for the White House’s vision for cybersecurity. The plan is being managed by the White House’s Office of the National Cyber Director (ONCD). Cybersecurity experts have applauded the Administration’s plan as well as the new implementation calendar. For example,…

How the FBI Fights Back Against Worldwide Cyberattacks

5 min read - In the worldwide battle against malicious cyberattacks, there is no organization more central to the fight than the Federal Bureau of Investigation (FBI). And recent years have proven that the bureau still has some surprises up its sleeve. In early May, the U.S. Department of Justice announced the conclusion of a U.S. government operation called MEDUSA. The operation disrupted a global peer-to-peer network of computers compromised by malware called Snake. Attributed to a unit of the Russian government Security Service,…

How NIST Cybersecurity Framework 2.0 Tackles Risk Management

4 min read - The NIST Cybersecurity Framework 2.0 (CSF) is moving into its final stages before its 2024 implementation. After the public discussion period to inform decisions for the framework closed in May, it’s time to learn more about what to expect from the changes to the guidelines. The updated CSF is being aligned with the Biden Administration’s National Cybersecurity Strategy, according to Cherilyn Pascoe, senior technology policy advisor with NIST, at the 2023 RSA Conference. This sets up the new CSF to…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today