Understanding the Likelihood and Risks of Cyberattacks
The best way for IT leaders to understand how to proactively tackle cybersecurity is to understand the risks on the rise and the high likelihood that their agencies could become targets. ExtraHop found that 58 percent of global IT security leaders reported experiencing six or more ransomware incidents in the past year, and 41.6 percent of government IT leaders paid between $500,000 and $1 million in ransomware payments in that same time frame.
Aside from the financial implications and being forced to communicate with criminals, ransomware attacks can require agencies to pause operations, with potentially catastrophic consequences for critical infrastructure or services. These attacks also take up valuable time that security operations center analysts could instead use to focus on other essential tasks, opening the possibility for more gaps in their defenses.
Gone are the days when agencies could treat cyberattacks as “if” scenarios; they’ve become the ultimate “when” situations.
Cyber Hygiene Requires Continuous Effort
Despite a clear uptick in attacks, government IT has some of the poorest cyber hygiene, according to ExtraHop.
This does not necessarily mean these leaders aren’t relying on valuable solutions or tools. It means they’re not putting enough time or focus into looking for additional gaps or applying best practices to fix them.
These issues are not exclusive to the government. Despite frequent warnings around zero days and regularly shared patches for common vulnerabilities, many organizations still neglect to update their software; nearly half are still running at least one insecure network protocol that threat actors are known to exploit, according to ExtraHop. IT leaders cannot wait for their software to be exploited to act.
Policies should require regular software updates so that critical patches are applied, and they should extend from old software to new. For example, generative artificial intelligence is finding its place in every industry, but any integration must be accompanied by strong policies designed to protect sensitive data, whether from employee misuse of AI tools or from large language model exploits.
Federal IT leaders should continually search for solutions that can reveal risks, help build business resilience and offer additional avenues of security. While security technology adoption is growing, only around a third of respondents globally had deployed or planned to deploy any individual cyber solution — including network detection and response, endpoint detection and response, or security information and event management — ExtraHop found.
Prioritizing Cybersecurity in Agencies’ Budget Cycles
Budget will be a constant battle for most agencies, and few government IT leaders are getting the funding they need to be effective. In fact, 31 percent sought a budget increase of more than half, according to the ExtraHop study.
Elevating these concerns requires a cybersecurity advocate in budget conversations who can point out that agencies must comply with security mandates and executive orders. It is essential that IT leaders communicate upward to agency decision-makers that cybersecurity is worth every penny.
This includes purchasing tools, hiring staff and conducting training to prevent social engineering attacks, which remain a primary way for threat actors to gain access to an agency’s network. A human element was involved in more than two-thirds of data breaches in the past year, according to Verizon’s 2024 Data Breach Investigations Report.