Why Are Cyber Attacks On US Government Agencies A Concern?
by Serena Raymond on Sep 9, 2021 12:00:00 AM
Government cyber attacks are happening
Cybercriminals, unfortunately, have a lot they can gain from infiltrating government agencies through online attacks. Not only can they impact government infrastructures, but they can steal secure credentials of government employees and citizens. Cyber attacks on US government organizations, according to some reports, are already in progress.
In this article, we’ll take a look at why cyber attacks on US government agencies are a big deal, why governments are vulnerable, and what non-government companies can do to help mitigate threats.
What can a catastrophic government cyber attack mean for you?
Not every cyber attack has the same motive, and the type of attack can vary drastically. So the fallout from a cyber attack can range from minor to major, but here are a few ways it might affect you directly as a citizen who is not a government employee:
- Your personally identifiable information (PII) might be acquired by cybercriminals
- Diversion of government resources (including manpower and funds) to deal with the attack may delay usual government services
- Small local governments that are forced to pay to unlock computers after ransomware attacks may not have funds to support normal programs
- Compromised government secrets can put the safety of all US citizens at risk
While this is not a comprehensive list of all ways in which a major cyber attack can impact individuals, it sheds light on the importance of mitigating these attacks.
In the UK, a ransomware attack left a local council with their IT servers disabled for over three weeks.
While the ransom amount was not disclosed, and the council could not confirm whether any PII was compromised, council staff had limited productivity because they were told they could not use any of their devices. They had to move to pen-and-paper. Because of this, residents complained that the council was not responsive. After three weeks, their IT capabilities still had not been restored! Normal business was postponed because of “ongoing IT issues.”
As this single example shows, the cost of a ransomware attack isn’t just the money paid to the cybercriminal. A large portion of the cost is the disruption of normal operations and the cleanup of the attack.
Why are governments vulnerable?
Governments are one of the top targets of ransomware. And the attack surface is growing.
Not only has everything moved to the cloud, but in light of recent events, remote devices are becoming not just common but a necessity among government agencies.
So the attack surface just keeps growing.
Government agencies have a wealth of information that cybercriminals might want, and they’re strapped by:
- Limited and outdated IT resources
- Lack of network redundancy
- Inability to keep up with new technologies (and thus cyber threats)
Because so many governmental organizations are a necessity, ransomware attackers target them: they’re more likely to pay the ransom. After all, if a police or fire department is hit by a ransomware attack that leaves it unable to respond to emergency calls, it is very likely going to pay the hacker to get systems back online as soon as possible.
That brings us to where we are right now…
Cybercriminals capitalize on public concerns
Historically, cybercriminals have never been shy about capitalizing on major public concerns in order to steal credentials.
In the aftermath of Hurricane Katrina, phishing scams were such a concern that the FBI published information warning individuals on how to avoid falling for these scams.
In 15 years, nothing has changed. With the outbreak of coronavirus, not only have cyber attackers targeted individuals who are seeking information about the virus, they’re also targeting our government.
On March 15, the US Health and Human Services Department was the target of a cyber attack.
It does not seem like anything was taken from the department, but the fact that there are cyber attacks on US government agencies like this is concerning. The attack overloaded the Health and Human Services Department servers over a period of several hours.
Shortly after, fake text messages were sent to citizens telling them about an impending quarantine. It’s not clear that the hack was related to the HHS cyber attack, but officials believe they are related.
Cybercriminals don’t take days off, even when the rest of the world is distracted and self-quarantining. So while our government, and governments worldwide, are dealing with the threat coronavirus poses, there is still the ever-present threat of cyber attacks—and this might be the moment that governments need to take cyber threats more seriously than ever before.
Actions government remote workers and enterprises need to take
So what actions can you take to help ease concerns of cyber attacks and data theft?
First, a word to newly remote government workers: Secure your devices! Government employees who have disconnected from the network are suddenly less secure. Do not connect to unsecured WiFi networks, update your passwords, and do not open any suspicious email links. Here are a few more tips from your friends at the NSA.
Now a message to non-government employees and business owners: You have just as much responsibility as the government to keep employee and customer records safe. In fact, large companies are especially accountable, as a large data breach could impact a significant portion of not just American citizens, but people worldwide.
Here are a few tips:
- Protect your employees with DNS filtering
- Create a cyber attack response plan to help cut down on the time between identifying an attack and shutting it down
- Encrypt everything in the cloud
Cyber attacks aren’t going anywhere, but companies everywhere can take steps to keep customer and employee data where it belongs.
Looking for more information on how to stay safe during cyber attacks? Here are a few more website security tips.