It’s no secret that security incidents involving federal systems have been on the rise over the past few years, but the actual numbers are staggering. Between September 2014 and June 2015, there were 30 million attacks – that’s 1,000 attacks each day. While 99% of these attempted breaches were stopped, approximately 30,000 attacks were successful to some extent over those 10 months. Of those 30,000, 80% could be at least partially attributed to inadequate data and systems management.
So what can government organizations and industry leaders do to proactively stop attacks and reduce these astounding numbers? The response must be multi-fold, tying in legacy architecture protection while placing an emphasis on the security of newer tools, like mobile devices and BYOD programs.
Securing Legacy Systems
When it comes to defending legacy Systems, many organizations are having trouble against the new age of attacks on their decades old systems. Legacy systems are rarely compatible with new security tools and protocols, and typically have to be overhauled to meet new standards. Yet, replacing these outdated architectures is not only costly but also hugely time consuming and can result in a loss of data and integration with other tools the agency already uses. For example, the Department of Defense’s Automated Control System, which administers access of items as serious as nuclear bombs, is 53 years old and relies on floppy disks. Old technology, like floppy disks, was not built to withstand today’s threat landscape. But even if they were, agencies still must grapple with the knowledge gap that exists between the workforce that implemented the tools and today’s more modern employees who may not even know how to manage and maintain them. The gap in IT expertise between old and new IT is perhaps one of the most challenging issues for government leaders to overcome but it is evident that it is also the most pressing.
Defending Mobility and BYOD
Just as a more connected world brings greater collaboration, more endpoints and connections means greater opportunity for hackers. Mobile devices have become a new attack vector, mirroring what many have seen with email attack tactics, including phishing, device takeovers, and malware. Mobile users need to be educated about the phishing tactics taking place over text and social media; clicking on a malicious link in a text or in a social link creates the same entry ways for hackers as those sent to desktops. Today’s mobile security postures should be centered on application security, rather than device security, as well as defending against human errors, like accidentally clicking on malicious links.
To mitigate these factors and get smart about security before an attack happens, federal IT professionals should ask themselves and their teams the following questions:
- What exactly is in our IT environment?
- Are we routinely assessing security and privacy risks?
- Are we testing the effectiveness of automated security practices?
- Do we share information about known weaknesses and vulnerabilities with agency leadership?
To learn how to answer these questions and more, visit the Carahsoft Partner Pavilion at DoDIIS to speak with F5 Networks about mitigating government cybersecurity risk factors. And to learn more about how F5 is working with government to develop proactive defenses, check out the archived sessions form this summer’s F5 Government Technology Symposium to hear from government practitioners how they are staying ahead of the evolving threat landscape.