While high-profile fraud prosecutions and abuse of power allegations provide investigative offices with news headlines and public awareness, they only represent a fraction of the work IG offices do. Inspectors General offices in particular are often charged with identifying unacceptable levels of risk within agencies and providing recommendations on how to close those gaps. Federal IG offices have made more than 9,000 recommendations so far in 2019, and many of these are on reducing risk or making better use of agency resources.
There are plenty of technology-related recommendations within these. Historically, many of these recommendations have focused on the drawbacks of outdated technology, which is prevalent within government agencies. Outdated technology is slow, prone to crashing, difficult to support, and it often is lacking key functionality available in current technology that would better fulfill the agency’s mandate.
It’s also insecure. Typically, off-the-shelf technology is supported by the developer for a period of years before it enters end-of-life. At that point, security updates are rarely issued, even if flaws are found which could jeopardize the security of the agency’s data.
Unfortunately, even modern software is prone to data theft and extortion. This has become a major threat in the past 24 months due to the prevalence of ransomware in government agencies. Ransomware attacks have hit small towns, large cities, and major state agencies.
Federal agencies haven’t been subjected to the ransomware epidemic of state agencies, but they’re far from immune to IT threats. The US Postal Service accidentally exposed data for 60 million users. The Office of Personnel Management lost 21 million records to China, and the VA was hacked by foreign actors as far back as 2013.
These threats make cybersecurity vulnerability awareness one of the most consequential activities that investigative oversight bodies can perform. The public is certainly appreciative of the work investigators do to protect taxpayer dollars. But agencies with staff who can perform technical security audits can save constituents from an even greater headache: months of dysfunctional government, identify theft fears, and the moral hazard of knowing that their tax dollars went to someone who extorted their own government. The challenge for investigative offices, as it is for most risk mitigation groups, is to hire the technical staff to do this sophisticated security auditing.
To learn how CMTS can
help your investigative agency close cases more efficiently, call us at
855-667-8877 or email us at Team_CMTS@securecasemanagement.com.