Managing cyberthreats to government agencies
Federal, state and local organizations are now facing unique security challenges. Every level of government can take steps to help prevent cyberattacks, but a coordinated effort is needed across agencies to maintain the level of security required to stop a serious breach.
Cyberthreats have been expanding in volume and complexity across all sectors as hackers, foreign countries, organized criminals and other bad actors seek to target agencies to steal or manipulate data. According to JP Morgan Chase, barely one out of four state and local government agencies say they are highly ready to withstand a cyberattack.
Government networks are an attractive target because they often contain sensitive personal information belonging to citizens, employees and vendors. Proprietary software as well as strategic plans and other data can also be at risk. Agencies must identify vulnerabilities and threats, assess and improve cybersecurity efforts and invest in robust risk mitigation to prevent disruptive attacks on infrastructure and networks.
The landscape of cyberthreats
Cyberattacks against government agencies at all levels are on the rise. Common motivations behind these attacks depend on the perpetrator. Sensitive voter information may be sought by foreign nations, whereas employee data may be accessed by criminals seeking to commit identity theft and fraud. Ideological hackers, also known as hacktivists, often attempt to penetrate government agencies to advance their group's agenda rather than for personal profit.
The methods used to attack networks vary greatly. For example, email-based attacks rely on social engineering: the perpetrator tricks recipients into opening malicious attachments or convinces them to divulge their username and password, giving the hacker access to the organization. By comparison, zero-day exploits allow hackers to access systems through previously unknown security vulnerabilities.
Perhaps the most frightening hack of all is ransomware that encrypts data and freezes access across an entire network, possibly shutting down a city or town's entire operations.
Cyberattacks on agencies
At a federal level, hackers have managed to breach offices and agencies' websites and data files, accessing sensitive personal information of employees, contractors, taxpayers and others. Information that has been stolen in the past includes home addresses, phone numbers, Social Security numbers and even direct deposit information for payroll. Attackers have also repeatedly managed to compromise government websites at the state level, filling them with propaganda. In either case, the result is the same: disruption, fear and scrambling to achieve restoration of security.
Kaspersky notes that many attacks take the form of data encryption, snatching vital operating data and hiding it behind a password or key that is unavailable to officials until demands are met. Across municipalities, many towns and cities have been subject to ransomware attacks, where city officials were locked out of their computer systems and the hacker demanded a ransom in exchange for restoring access. This resulted in multiple instances where emergency services were unavailable, courts were disrupted, payment systems were shut down and the security of the municipality and the city government was compromised. In some cases, the ransom was paid; in others, it is unclear whether the hacker was paid, as services were restored but city officials denied rumors of payment.
Public sector vulnerabilities
Cybersecurity needs to be a priority for the public sector as well. Oftentimes, vulnerabilities are known prior to an attack occurring, but officials have failed to address them, citing budgetary concerns or a lack of knowledge required to implement the necessary changes.
The Freedom of Information Act was designed to provide transparency to the public, meaning that contracts are typically made available on government-owned websites. This opens the door for criminals who can utilize available information to impersonate contractors and request payment from vendor management teams or government accounts payable. Strict procedures and protocols regarding who can change vendor payment instructions must be implemented, or small test-payment transactions should be carried out to validate any changes.
Government employee information is also often publicly available, as officials have their names, phone numbers and email addresses listed online. Bad actors may spoof email addresses or phone numbers and target vulnerable employees under false pretenses, claiming they need to execute emergency transactions. A staff member put under pressure by someone they believe is a representative of a public official or their own superior may process a transaction and bypass the security measures designed to prevent such mistakes. Employees must be trained to investigate requests and validate transactions, and protocols should be put in place to prevent the circumvention of such procedures.
Malware is becoming a larger problem as infected government computers can be utilized to execute global transactions, directing funds outside the country and into criminally controlled accounts. Employees must be rigorously trained and retrained to never open emails or click on links from unknown sources. Outgoing wires or other financial transactions can be restricted from execution using security features that require additional verification from top-level executives or accounts payable departments.
A risk management approach for addressing cyberthreats can improve the cybersecurity of government networks and safeguard critical infrastructure.