Whether you’re trying to improve the security posture of the agency you oversee or your own employees, technology is a point of concern for government investigative teams. That’s because it’s a major vulnerability for government agencies.
There are plenty of reasons. Government agencies tend to have large amounts of data on their citizens or businesses (or both). Most government agencies can’t afford the expense of high-dollar cybersecurity consultants used by large corporations. Senior-most leadership turns over at least as often as political parties change, and often more frequently than that. Here are three categories that deserve special attention, however, due to their unique potential for harm.
One major reason government agencies face some heightened risks relative to private industry is that the software used by government agencies tends to have fewer customers than private corporations. That’s because there aren’t hundreds of thousands of large-scale government offices to sell these products to.
Since there are fewer customers, the software costs more per user. And because of that expense, government software is much older on average. Using legacy software sometimes means that the hardware and software supporting it can’t be updated either. For instance, nearly 1/3 of federal civilian agencies were running Windows 7 as of July, even though free support ended only 6 months after this time.
Despite antiquated software, holes in the security perimeter don’t pose the greatest risk. The greatest risks relate to internal employees, who have legitimate access to do things that can cause harm. In some cases insiders cause the harm themselves, but in many more cases they leave their credentials in a non-secure place where a bad actor can pick them up.
The world of cybersecurity and social engineering is likely to make it more difficult to separate truth and fiction. One threat outlined by many technology specialists is deepfake-based social engineering. How do you protect your information when you can’t trust that a voice is real? How do you know what is real and what isn’t when computer-generated people in videos look almost exactly like the person they’re imitating?
And of course, election interference is a major theme in the list of 2020 cyberfraud possibilities. Who will perpetrate the fraud, on which agencies, and how it will be perpetrated? Each of these questions yield plenty of different opinions.
What can be done?
The most important thing is to educate your workforce. Make sure your own office has the basics down! If your office is in any way charged with identifying threats to agency security, this is especially important, as falling prey to data theft or cyber fraud would reduce confidence in the office itself.
Most of the other security threats can be mitigated by ensuring that all software is appropriately patched, and that any legacy software too old for patching is protected by an alternate means until it can be disposed of (ideally as quickly as possible.) Gartner predicts that 99% of threats to data security in 2020 will spring from vulnerabilities that the security community already knows about.
Finally, make sure your team, agency or state is treating cybersecurity according to its true potential for harm. As recently as last year, several states had no money directly allocated to cybersecurity specifically. It’s no surprise that these states also faced a range of other problems, including a high rate of cybersecurity events given their population.
To learn how CMTS can help your investigative agency manage cases more efficiently, call us at 855-667-8877 or email us at Team_CMTS@MyCMTS.com.