Agencies have something cybercriminals want – data. Private, sensitive information about citizens is a valuable commodity, and wrongdoers are willing to take any risk to steal it.
Try as they might, however, agencies aren’t always capable of protecting citizen data. The sad truth is cybercriminals gain more weapons they can wield against governments every day.
According to Brad Montgomery, Dell’s Director of Presales Engineering, Federal Data Protection Sales, today’s cybersecurity odds are only growing more stacked against agencies. Dell is a computer technology company.
“The threats are everywhere,” he said on Thursday during GovLoop’s latest virtual summit. “It can be a bit dauting to determine the right approach to protect an agency against that.”
Besides Dell, Thursday’s event was also sponsored by Carahsoft, an IT hardware, software and consulting services provider.
Agencies, meanwhile, face a growing army of diverse cyberthreats whether they’re federal, state or local. For instance, Montgomery said that ransomware and other cyberthreats will cause $5 trillion in global risks over the next five years. Ransomware is a type of malicious software that blocks access to or leaks data unless a ransom is paid.
With their world only growing more perilous, how can agencies defend themselves? Montgomery shared four ways agencies can shield their data from danger.
1. Know Your Enemies
Montgomery cautioned agencies against making assumptions about the cybercriminals menacing their data.
“It doesn’t have a to be a nation state that’s launching a sophisticated attack against an organization,” he said. “It doesn’t have to be a criminal enterprise. It can be a 17-year-old with an idea.”
From cyberterrorists to political hacktivists, cybercriminals come in many forms – all of which pose potential problems for agencies.
2. Don’t Take Phishing Bait
Phishing tricks victims into disclosing sensitive data through fake electronic communications such as emails or phone calls. Regardless of the method, it’s a simple tactic that can devastate agencies.
“All it takes is for one mistake, one slipup, and then suddenly, the bad actor has admin privileges to wreak havoc,” Montgomery said.
Agencies can curb phishing’s power through cybersecurity training. Informed workforces are safer ones as they’re more likely to notice and avoid phishing attempts.
3. Watch for Insider Threats
Insider threats are people who obtain potentially harmful internal information from an organization. Whether accidental or intentional, insider threats can cause major pain for agencies.
“Once an insider can roam around your data protection environment, there isn’t much you can do to stop them,” Montgomery said.
Agencies can reduce the potential for insider threats by limiting what access credentials which employees get for which jobs. By reducing opportunities for harm, agencies can prevent many insider threats before they appear.
4. Intelligently Backup Data
Montgomery suggested data backups are one of the best defenses agencies have against issues such as ransomware.
“Data backups are the first line of defense,” he said. “We’re dealing with the 10-20% of data that is essential for getting the agency back on its feet.”
Subsequently, agencies that identify the data fueling their missions can guard it better and heal it faster after cyberattacks. In turn, the citizens these agencies serve experience shorter public service disruptions.
Ultimately, agencies can’t permanently defeat cyberthreats, but they can make abusing their data harder with steps such as these.
Don’t miss out on other virtual learning opportunities. Pre-register for GovLoop’s remaining 2020 virtual summits today.
This online training was brought to you by: