How to Navigate the Federal Cybersecurity Threat landscape
As agencies adopt IT modernization initiatives, they’re finding that legacy security architectures aren’t keeping pace with the threats they face. Ineffective security measures leave agencies exposed to a variety of attacks.
The situation is made even more dire by the sophistication of the adversaries these agencies face. A 2022 report from the Office of the Director of National Intelligence noted that U.S. agencies face the threat of cyberattacks from the governments of China, Russia, North Korea and Iran. These nation-states have legions of skilled, experienced cyberwarriors who are trained to take advantage of the weaknesses in their targets’ defenses.
In some cases, the threat extends beyond government systems. For example, Szykier notes that China is not only a geopolitical adversary of the U.S. but also a commercial one. In addition to China’s notorious attack on the U.S. Office of Personnel Management, as well as breaches of the State and Commerce departments, Chinese hackers have been accused of stealing data from commercial targets such as Equifax and Marriott.
LEARN MORE: How Backup as a Service fits with agencies’ adoption of zero-trust security.
How to Prevent Attacks from All Angles
Federal agencies must be able to protect their systems and data from a variety of attacks. These include:
Phishing: In these social engineering attacks, perpetrators fool their targets into actions that compromise an organization’s cybersecurity, such as exposing sensitive data or downloading malware. The Ponemon Institute reports that 62 percent of federal IT and cybersecurity practitioners cited phishing and social engineering attacks among their top cyber risks.
These attacks are particularly dangerous when agencies have unpatched software vulnerabilities or configuration vulnerabilities that attackers can exploit after using phishing techniques to bypass perimeter defenses. The Cybersecurity and Infrastructure Security Agency (CISA) cited phishing-resistant multifactor authentication tools as key to helping agencies defend against these attacks.