Since the pandemic, government workers have been doing more of their work online, and along with that, employees have seen an influx of new passwords to keep in line.
That can be a cybersecurity risk for both government agencies and companies that are now allowing their employees to dial directly into their on-premises systems and networks.
“Passwords will not become obsolete, at least not anytime soon,” said Darren Guccione, CEO and founder of Keeper Security. “Passwords are essential for creating encryption keys, and are currently the most flexible and pervasive form of authentication. Traditional passwords may become less of a focus, but authentication, and ensuring that you have the most appropriate privilege access and control when you’re accessing data within an organization or protecting that information will always continue to be of utmost importance.”
Agencies are turning toward password managers to keep from repeating stale codes and to ensure other authentication processes are possible.
Those managers need to be FedRAMP approved, however, to stay current with government cybersecurity standards.
“It provides a unified set of stringent standards to ensure consistency of government cloud services,” Guccione said. “In terms of evaluating monitoring functionality, security, control, and compliance, this is a very cohesive set that ensures consistency across FedRAMP authorized applications. FedRAMP is something I wouldn’t even say is important, I think it’s essential.”
Pairing good password hygiene with new strategies for protecting systems is what the government is banking on to better its cybersecurity.
Zero trust is currently the model that the government is aiming for in all of its agencies to build more secure networks.
That strategy constantly asks users for credentials and gives each user access only to the parts of the system that user needs. That way, a hacker will run into a dead end if they get their hands on the password of one employee.
“The Biden administration mandated zero trust in agencies by the end of fiscal year 2024,” Guccione said. “It’s requiring agencies to adopt zero trust security frameworks in order to mitigate the risk of a data breach. The main reason for this is because cyber attacks have become far more frequent, and far more sophisticated. The zero trust security architecture is essential because it mitigates the risk.”
Guccione said the new model can greatly impact the government’s security.
“It’s going to be a radical improvement,” he said. “It’s going to bolster and mitigate the risks of a data breach. Can we say that it’s going to reduce the number of attacks? No, I don’t think so. But, can we say that the key to an attack is not the attack itself. It’s the fact that you don’t want the attacker to intrude and gain access to those networks on that data. The key is to mitigate the risk of a data breach. I think that this framework and mandate is going to have a huge positive impact on the overall cybersecurity posture and strength of the government.”
Guccione said 80% of data breaches are the result of weak or stolen passwords. Bolstering passwords and adding in a zero trust model can quickly improve how the government runs.