Page 131 - Cyber Defense eMagazine February 2024

become more secure. By the end of 2022, though, the government had yet to implement nearly 900 of
these.

On the positive side, that trend means federal agencies have implemented thousands of security
improvements since 2021. The government has also proposed a $12.72 billion cybersecurity budget for
2024, over $1 billion more than 2023’s spending.

Much of the government’s recent security action has focused on increasing the cybersecurity workforce.
Other changes — like the Cybersecurity Maturity Model Certification — hold government contractors to
a higher standard to minimize third-party breaches. Federal agencies have also encouraged more
public-private collaboration to improve security standings and recommended higher employee education and
threat monitoring standards.

Despite these changes, government cybersecurity still has much room to improve. 2023 saw an uptick
in government breaches after three years of decline. The number of records exposed in these events
also quadrupled between 2022 and 2023. These figures are still below all-time highs, but they don’t instill
much confidence.

Why Government Breaches Still Happen

Part of this recent uptick in government data breaches stems from a rise in cybercrime as a whole. As
the world relies more on data and digital systems, cybercriminals stand to gain more from their attacks,
encouraging more crime. Tools like ransomware-as-a-service have also lowered cybercrime’s bar for
entry, furthering this growth.

Government organizations often have highly sensitive data, making them more valuable targets.
Consequently, federal agencies experience a disproportionate amount of this growing cybercrime.
Education is the only industry to suffer more cyberattacks than the government.

Of course, the government must also meet higher cybersecurity standards than many private businesses.
While that should counteract some of the sector’s high attack volumes, it’s important to recognize that
not all vulnerabilities are technical. Federal organizations may have advanced security software, but their
employees are still vulnerable to social engineering and similar threats.

Because the government experiences many attacks, its employees are more likely to feel cybersecurity
fatigue — a feeling of being overwhelmed by security threats, leading to mistakes or complacency. More
than half of all security professionals experience it, and frequently targeted sectors like the government
are more vulnerable.

Ironically, high cybersecurity standards may compound these workforce-related risks. Working through
all the red tape of government security may make workers feel stressed or frustrated. As a result, they’re
more likely to make security-endangering mistakes or fall for phishing attempts.








            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.