Government agencies are a prime target for cyber crime. Agencies hold so much diverse data about citizens — from passport information to social care data. In addition, many of them rely on the data security built for their outdated computer systems. So, cyber criminals often view government agencies as an easy mark. More concerning, public-sector groups appear to have a tough time knowing when they’ve been attacked. The IBM Cost of a Data Breach Report 2020 found the public sector lags behind other industries in terms of time to spot and contain data breaches. The global average across all sectors to find a breach is 177 days. Meanwhile, the average in the public sector is 231 days.
This year’s top government security stories include efforts by the federal government to improve data security protections, as well as suggestions for how agencies can bolster their data protection, application security and database security so they can (hopefully) be alerted to (and respond to) attacks faster. Check out our top news from the world of government IT security so far in 2021.
Quick Briefs: Top Government Insights
5-Minute Read 🕒
What Biden’s Cybersecurity Executive Order Means for Supply Chain Attacks
On May 12, President Joe Biden signed an executive order to modernize cybersecurity defenses and protect federal networks. Among other things, the order forces organizations to consider cybersecurity throughout their supply chain and within their vendors. It covers a wide range of issues, including sharing threat information, public/private partnership and closer teamwork with federal partners. The order puts the onus on the federal government to have at least some duty to data security. It also sets up working groups and takes existing National Institute of Standards and Technology guidelines as formal instructions around some government agencies. Read the full story to find out more about the contents of the executive order. See why attackers are focusing on supply chains and how to better defend against supply chain attacks.
3-Minute Read 🕒
How Biden’s Cloud Security Executive Order Stacks Up to Industry Expectations
In May, Gartner projected that cloud security spending will rise from $595 million to $841 million, an increase of 41.2%, by the end of 2021. In this article, we examine how Gartner’s projections align with the data security efforts in the executive order. Explore the benefits of moving toward a zero trust architecture and deploying an endpoint detection and response solution.
2-Minute Read 🕒
Attackers Launch Cyberattack via U.S. Aid Agency Email Accounts
In May, Microsoft discovered a Russian threat group conducted an email campaign pretending to be the U.S. Agency for International Development. This is also thought to be the group behind the SolarWinds attack. The attackers used Constant Contact, a trusted marketing service, to distribute malicious URLs and malware. In total, they sent it to 3,000 accounts in 150 organizations via phishing emails. When victims clicked the malicious URL, the threat actor attempted to drop a Cobalt Strike Beacon loader. That, in turn, could maintain persistence on the victim’s computer. Read this article to find out more about the attack. In addition, see the data security best practices IBM recommends agencies follow to prevent a similar compromise.
4-Minute Read 🕒
3 Ways to Reduce the Cost of a Government Data Breach
The IBM Cost of a Data Breach Report 2020 found breaches in the public sector averaged a cost of $1.6 million per breach. And although that’s not the highest compared with other industries, each dollar spent is taxpayer money that could be better used. Find out why it takes the public sector so long to discover breaches. In addition, get tips for how to reduce the cost of a government data breach.
More on the Status of Government IT Data Security
In September, the Cybersecurity and Infrastructure Security Agency released its Zero Trust Maturity Model to assist agencies as they implement zero trust. The model complements the Office of Management and Budget’s Zero Trust Strategy. That strategy was designed to provide agencies with a roadmap and resources to achieve an optimal zero trust setup.
In August, the Senate Homeland Security and Governmental Affairs Committee issued a bipartisan staff report reviewing the state of the federal government’s cybersecurity. The news wasn’t good.
The Washington Post reported that President Biden called on the leaders of companies including Apple, Google and JPMorgan Chase. He asked them to do more to respond to threats during a summit at the White House in late August.
“You have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity,” Biden told the tech leaders.