While improving cybersecurity has long been a key focus of federal agencies, the Executive Order on Improving the Nation’s Cybersecurity (Cyber EO) provided clear direction and action items for the federal government to prioritize their cybersecurity modernization efforts. The Cyber EO looked at the current and projected threat landscape to ensure that cybersecurity efforts would be in line with the evolution of threats as well as the changing way the government works.
Work from anywhere, attack from anywhere
Telework, implemented in response to COVID-19 public health concerns, has made it possible for employees to complete their work from anywhere. At the same time, it has opened many more opportunities for bad actors to gain access to Federal networks through all of the new connections. A recent report found that 52% of public sector IT professionals believe the acceleration of hybrid IT environments has increased the complexity of their organization’s IT management. This complexity leads to lower visibility into what is actually happening on networks and makes it harder to diagnose and detect anomalies and problems. The Department of Veterans Affairs has appealed to Congress to bolster its workforce to improve the growing complexity and to respond to increasing digital threats.
Ransomware, the gift that keeps on giving
Ransomware, the practice of taking over a system then demanding money to release control, is one of the biggest threats to organizations. A recent survey found that 73% of respondents said their organizations were targeted by at least one ransomware attack over the past 24 months – up from 55% the year before. But once an attack is resolved, the problem is far from over. Only 42% said payment led to full restoration of all systems and data. Even more troubling is that of the victims that paid the ransom, 80% were hit a second time, 68% within a month – with a higher ransom demand.
Not paying the ransom means finding an alternative route to restoring access to systems and securing data, a time consuming and expensive endeavor. The longer the ransomware hackers have access to systems the more harm they can inflict or threaten to inflict. Doxing is a practice where hackers weaponize an individual’s personal information to punish, harass or to encourage threats. This practice is particularly used in the public sector to target police, poll workers, and school officials.
Stop the payment, neutralize the threat
Ransomware hackers are increasingly seeking payment in the form of cryptocurrency. While this can help anonymize the payment recipient, increasing cooperation among the private sector and law enforcement is closing that loophole. Since blockchain technology, the technology that underlies cryptocurrency transactions, is inherently designed to register users accessing certain data, this traceability can work against bad actors. Crypto executives are working with Congress to develop ways that these private sector companies can help track down hackers through payment systems. This cooperation is already showing success.
In response to Russian aggression toward Ukraine, the Biden administration placed a virtual currency exchange on a list of entities banned from an association by U.S. persons. As a result, deposits to that exchange dropped to nearly zero, causing ransomware criminals to seek out other, more complicated methods to disguise money transfer.
- 5 Cybersecurity Trends Shaping Government Modernization in 2022 – 2022 is shaping up to be a key turning point in how government implements modern cybersecurity practices. This 2022 cybersecurity trend report aims to outline the key trends impacting government’s approach to securing data and systems.
- Global Cybersecurity Outlook 2022 – The aim of this report is to provide an in-depth analysis of the challenges that security leaders are dealing with, the approaches they are taking to stay ahead of cybercriminals, and the measures they are implementing to enhance cyber resilience not only within their organizations but also within the wider ecosystem.
- Ransomware and Federal Law: Cybercrime and Cybersecurity – Exploring legal issues implicated by two potential approaches to combatting ransomware, this report first summarizes the potential for criminal prosecution under federal statutes such as the Computer Fraud and Abuse Act (CFAA) and the Economic Espionage Act (EEA). Additionally, legal issues facing ransomware victims—in particular, whether victims’ risk legal liability by making ransomware payments, are also identified.
- Cybersecurity Framework Profile for Ransomware Risk Management – This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization’s level of readiness to counter ransomware threats and to deal with the potential consequences of events.
- (ISC)2 Security Congress (October 10-11, 2022; Las Vegas, NV) – This event turns the spotlight on cutting-edge collaboration and learning for thousands of cybersecurity professionals from all over the world.
CyberWeek 2022 (October 17-21, 2022; virtual and Washington, DC) – CyberWeek is the nation’s largest week-long cybersecurity festival focused on digital threats, best practices and the U.S. government’s work on improving cyberspace. Events bring together C-Suite leaders from major technology companies, state and federal government agencies, and other influential decision-makers across hundreds of community-driven events to share best practices and spark collaboration on big ideas that will revolutionize technology in the U.S. and fend off the next generation of attackers.