The year 2020 was a devastating one for data breaches and cybersecurity, especially for federal government institutions. In the first quarter alone, government agencies saw a 278% year-over-year increase in the amount of compromised information, totaling more than 17 million records during this time.
Meanwhile, governments are battling cybersecurity threats from inside their departments. As the Department of Homeland Security notes, “Insider threats are the source of many losses in critical infrastructure industries. Additionally, well-publicized insiders have caused irreparable harm to national security interests.”
Government leaders need to learn lessons from the past year to fortify their defensive postures without breaking their budgets. Here are three lessons that should be at the top of the list.
#1 Accidents are a significant cybersecurity concern
While bad actors abound, one of the most prominent threats to cybersecurity and data integrity is, incredibly, enabled by accidents and negligence.
For instance, a 2019 report by a prominent cybersecurity provider found that upwards of 90% of cloud-related data breaches are caused by human error. Similarly, cybersecurity assessments routinely find that employee negligence is a leading cause of cyber risk in the US.
In a post-COVID-19 environment where more government employees are working remotely, these risks only become more acute.
Isolated employees are more likely to accidentally fall for a phishing scam, mix personal and professional technology, or inadvertently share or expose government data to the public.
To combat these threats, agencies need to develop insider-specific cybersecurity capacity, including the ability to identify threats in real time, prevent data exfiltration and investigate any data privacy concerns.
These oversight and response mechanisms support and promote data privacy best practices and prevent sensitive data from reaching the public.
Government workers are constantly under siege from phishing scams and other fraud attempts that threaten to compromise account security. Billions of login credentials are readily available on the Dark Web, giving bad actors easy access to employee accounts and government IT infrastructure.
As a result, government institutions can significantly upgrade their defensive posture by securing employees’ accounts. This includes:
Requiring regularly updated, strong, unique passwords. People have notoriously bad password hygiene, often reusing the same password across multiple accounts and updating the information infrequently, if ever. Strong unique passwords make it more difficult for bad actors to acquire this information, and, when they do, it prevents cascading consequences across other accounts.
Enabling multi-factor authentication. This simple service sends a message to employees that new account login activity is detected, often preventing bad actors from using stolen credentials to access these accounts. What’s more, using security tokens or 5-to-7 digit codes to accompany login attempts can thwart bad actors from accessing employee accounts. While the technology isn’t perfect, it’s a low-cost solution that can make a significant difference.
Using a virtual private network (VPN) service. Especially when managing remote teams, providing employees with a trusted VPN service can prevent cybercriminals from snooping or otherwise stealing data from unsecured connections.
#3 Attrition is causing an alarming talent shortage
Like cybersecurity personnel in every industry, government IT workers are burned out and exhausted. As the costs and consequences of a cybersecurity incident continue to mount, professionals are inundated with an ever-increasing threat landscape.
Government agencies already struggle to recruit and retain top cybersecurity talent, something that will only become more difficult as municipalities wield increasingly shrinking budgets and corporations continue hiring these professionals at voracious rates.
In response, federal agencies should turn to automation and machine learning to reduce the number of alerts crossing the desks of IT personnel and to help mitigate threats in the first place.
Monitor digital activity for signs of accidental or malicious data sharing or exposure.
Reduce the number of cybersecurity threats, like phishing scams, that target employees.
Prevent data exfiltration before a breach.
Notify IT personnel of the more pernicious risks.
Automation can’t replace cybersecurity personnel, but it can augment their capabilities, allowing them to focus on the most profound risks while reducing the overall threat landscape that they need to address.
In the months and years ahead, we are all counting on government institutions to help eliminate the novel Coronavirus, return people to work and lead us to a more prosperous future.
Cybersecurity concerns threaten to undermine these priorities and the many responsibilities that government agencies undertake. By learning lessons from the past several years, it’s possible to benefit from those experiences, creating a more secure cyber environment moving forward.
Isaac Kohen is vice president of research and development at Teramind, a global provider of employee monitoring, data loss prevention (DLP) and workplace productivity solutions. Follow on Twitter: @teramindco.