The pandemic has created more problems than small businesses can manage. Many of them are focused on the most imminent challenges – helping employees work remotely and getting their product or service in front of a worried consumer. Cybercriminals are taking advantage of their distraction and their newfound love of web-based communication to gain access to their business networks. Once they have access to the network, they distribute ransomware or blackmail them with threats to dump sensitive customer and employee data online.
Small and mid-size businesses aren’t alone. In addition to profit-motivated hackers, government agencies also have to deal with so called “Advanced Persistent Threats.” These are hacking groups sponsored by foreign governments. This makes network security all the more important for government agencies.
Unfortunately, government agencies are also juggling too much right now. Local and state governments are in a similar position to small businesses, trying to balance increased demands and potentially devastating budget cuts. And nearly every government agency across the country is dealing with an increased number of remote workers, who are relying on email more than ever before.
It’s against this backdrop that Inspectors General are identifying security holes within their agencies’ networks. The Office of the Inspector General at the US Department of the Interior reported last month that they were able to use a $200 device to penetrate the agency’s network and view tickets assigned to IT staff, as well as other more sensitive data. The Department of Defense IG reports that the agency is purchasing printers and cameras with known security vulnerabilities. And the GAO is increasing its use of Internet of Things devices, a device category with notoriously poor security.
The US government has already experienced a few major breaches that are publicly known. The 2013 Office of Personnel Management hack exposed clearance data and fingerprints for millions of government employees and contractors. And in 2018, a data breach in the State Department’s unclassified emails system affected thousands of users. But agencies face a dangerous combination in coming months and years; more sophisticated hackers, more devices to target, and more data stored in more places than ever.
Preventing “the big one” – a data breach of sensitive data for millions of citizens that would lead to an irreparable loss of confidence in government agencies – will require more than antivirus software and password policies. It will require better data governance, AI-based network monitoring tools, and a reduction in the number of devices providing an exposed attack target. Inspectors General are already providing valuable oversight in this area. All investigative groups at the federal, state and local level with oversight responsibilities for the IT and Cyber practices at their agency are urged to stay vigilant and focused on making sure that data is protected that could impact our finances, security or both.
To learn how CMTS can increase investigator productivity and eliminate needless case management software headaches, call us at 855-667-8877 or email us at Team_CMTS@MyCMTS.com.