President Biden’s recent executive order outlines the federal government’s need for more robust cyber defenses as the United States faces persistent and increasingly sophisticated cyber attacks. However, the uptick in massive cybersecurity breaches at the federal level, including the recent SolarWinds attack, illustrates an unfortunate fact: the U.S. government is still unprepared and unable to combat evolving cyber threats.
The truth is government cybersecurity at all levels - local, state, and federal - is still no match for the ferocity and sophistication of modern hackers. The good news is there are ways government agencies at all levels can cost-effectively improve their cybersecurity to turn the tide in the fight against cybercrime.
If government agencies want to keep their sensitive data secure and reduce the likelihood of a costly data breach from occurring, cybersecurity needs to remain a top priority. Before diving into the several ways government agencies can improve their security posture, let’s discuss why government organizations need to upgrade their cybersecurity now.
Governments at the local, state, and federal levels are popular targets for cyber attacks due to several factors including software vulnerabilities, budget cuts, a shortage of personnel, inadequate employee cybersecurity awareness training, and a lack of urgency to implement proactive security measures.
Government departments often rely on outdated legacy technology that is more vulnerable to intrusion, and they have limited funding for upgrades and training. Government agencies are also targeted due to the high volume of confidential information they store. Due to these factors, 30% of federal agencies experience one or more ransomware attacks, with ransomware accounting for 62% of the overall malware incidents among government agencies.
The SolarWinds attack and the ensuing consequences highlighted the federal government’s cybersecurity vulnerabilities, but state and local governments are continually targeted as well. Roughly two-thirds of all publicly known ransomware attacks in the US were against government agencies in 2019 with the majority of cyber attacks targeting town, city, and county-level entities. In 2020, at least 113 federal, state, and local governments were impacted by ransomware attacks with an estimated cost of $915 million. The statistics make it clear that ransomware is here to stay and hackers continue to target government agencies at all levels.
With ransomware attacks becoming more sophisticated, government agencies need to narrow the knowledge gap surrounding ransomware through proactive employee training in prevention and recovery. However, government organizations aren't dedicating the time and resources required to do this effectively. According to an IBM survey, only 38% of state and local government employees are adequately trained in ransomware protection.
So why is it time to upgrade government cybersecurity? The simple answer is government offices continue to be attractive targets for hackers.
Here are a few cybersecurity tips government agencies can proactively leverage to become more resilient to cyber attacks.
Implement Multi-Factor Authentication - Multi-factor authentication (MFA) is a method in which an end-user is granted access to a website or application only after successfully presenting three or more pieces of evidence: username, password, and a just-in-time response from a physical token. MFA technology ensures that even if login credentials are hacked or stolen, criminals still cannot access the system. Government agencies at all levels can leverage an intuitive and cost-effective multi-factor authentication solution to prevent costly breaches and sophisticated cyber threats.
Retire Vulnerable Legacy Technology - Legacy technology becomes more expensive to maintain and more exposed to cybersecurity risks as it ages, especially when vendors stop issuing patches to fix vulnerabilities. To avoid exposure, government agencies need to upgrade their technology, transition to cloud computing, and expedite the implementation of modern IT software.
Leverage Cybersecurity Awareness Training and Simulated Phishing Tests - Government agencies can improve their cybersecurity by partnering with experienced cybersecurity service providers to implement a comprehensive cybersecurity awareness training program. A robust cybersecurity awareness training program will include interactive training courses and simulated phishing attacks. Similar to fire drills, phishing tests provide employees the valuable opportunity to test their knowledge in a controlled environment before the real scenario occurs.
Encourage Government Employees to Use Strong Passwords - Government agencies at all levels should be responsible for using strong passwords as the decryption abilities of cybercriminals continue to increase. Strong passwords use a combination of capital letters, numbers, and signs, and avoid personal information such as birth dates and pet names, as this information can be gathered from employee social media accounts. Government institutions need to take proactive steps to educate employees on password management and password best practices to ensure the highest degree of cybersecurity.
Government agencies - regardless of size - can’t expect to improve their cybersecurity defenses overnight. Government institutions need to remain vigilant and take proactive steps to update their cybersecurity or risk being a victim of a cyber attack or data breach that will lead to devastating financial consequences.
The good news is government institutions are never alone in their battle for cybersecurity. Government agencies that understand the importance of improving their cybersecurity should partner with experienced cybersecurity specialists to implement a multi-pronged cybersecurity strategy that keeps their sensitive data secure.