Coronavirus Pandemic Highlights Government Cyber Vulnerabilities

Brian Thomas | March 27, 2020 | tag: Cybersecurity

As citizens adjust their daily lives to reduce the chances of catching or spreading COVID-19, the risks associated with the pandemic are extending beyond a national health and economic crisis. Cyberthreats, including phishing scams, spam, and other attacks against organizations are spiking by as much as 40% as bad actors seek to take advantage of global uncertainty and anxiety, according to new data from CNBC.

Cyber concerns are running particularly high in the public sector. Government agencies, not used to the concept of a remote workforce, are suddenly confronted with the task of reducing the cyber risk associated with hundreds and thousands of potentially insecure home offices. Meanwhile, these already over-taxed resources must continue to ensure the ongoing security of their traditional IT infrastructures.

The government finds itself in a vulnerable place

It’s a new world order that is playing out at both the state and local and federal levels.

Meanwhile, the federal government agencies that citizens depend on for facts and information during this crisis are under attack.

In mid-March, the U.S. Department of Health and Human Services (HHS) suffered a cyberattack designed to undermine the government’s response to the COVID-19 pandemic, reports Bloomberg. The attack, likely by a foreign actor, overloaded HHS servers with millions of hits over several hours, with the goal of slowing agency systems. In an interesting twist, officials also believe that the attack is linked to a series of fake messages spread by text, email, and social media falsely claiming that President Trump would soon order a two-week mandatory quarantine for the nation.

Agencies must step up their cyber vigilance

During these dark times, it’s critical that government agencies step up their cyber vigilance. All it takes is a misconfigured piece of software or an insecure home Wi-Fi network for a hacker to gain entry to critical systems, take them offline, breach data, or spread disinformation. It’s a risk agencies can’t afford to take.

Yet no matter how much money agencies spend to protect their systems and data, they are frequently outwitted, outcomes aren’t improving, and opportunistic attacks are on the rise.

With limited resources to protect their environments, it’s critical that focus is placed on the areas that will have the greatest impact on the organization’s overall security posture. Now, more than ever, there are three things that organizations must do:

  1. Develop a comprehensive security performance management program that assesses the organization's overall security posture and helps teams prioritize and target vulnerabilities. This will help security teams stay one step ahead of threat actors.
  2. Gain insight into critical digital assets, no matter where they're located. This includes the data center, the cloud, or across geographies. As more people work remotely, home network monitoring will also be critically important. Security teams must be able to discover potentially risky remote office IP addresses that are more likely to be infected with malware and expose vulnerable services.
  3. Monitor and assess third-, fourth, and nth-party risk. All organizations depend on these partners for business success. They need to be carefully yet expeditiously vetted to ensure they're not bringing unwanted risk into the organization.

With these insights, government security teams can gain unprecedented visibility into key risk vectors (such as unpatched systems, insecure access points, or vulnerable vendors), calculate and prioritize that risk, and continuously monitor their assets and the remote workforce so that no vulnerability goes unchecked.

A proactive cyber defense strategy is needed as we flatten the curve

Amid this pandemic, for the first time in many of our lives, the role of government has never been more vital.

Hopefully, we will flatten the curve of COVID-19 infections, but until we do, we must be able to count on the continued “functioning” of vital government information, guidance, and services as we navigate this crisis.   

To do this, agencies need to stop playing whack-a-mole and recognize that they can’t keep fixing issues as they arise. Good cybersecurity requires a shift from a reactive defensive strategy to a focused and proactive approach that SPM enables. One that allows security teams to effectively identify the most pressing and urgent threats to their growing networks — inside and out — make confident and informed decisions about where to focus security resources and, ultimately, stay one step ahead of nimble threat actors.

75 Percent of eomployees now remote workforce

Some industries have seen as much as 75% of their workforce shift to remote work

Explore our resources to learn how to reduce cybersecurity threats and find operational efficiencies for a remote workforce.

See all resources

Suggested Posts

The BitSight and Moody's Partnership: A New Era For Cybersecurity

Cybersecurity is one of the biggest threats to global commerce in the 21st century.

By providing data-driven insights into cybersecurity, we can empower the marketplace to make better, risk-informed decisions and create a more secure...

READ MORE »

4 Critical Success Factors for Effective Security Risk Management

With the average cost of a data breach in the U.S. reaching nearly $8.6 million, your organization can’t afford to ignore cybersecurity risk. Indeed, the need for security risk management is greater than ever. When cyber risk is managed...

READ MORE »

What are Cyber Security False Positives and How Can You Prevent Them?

Imagine you've alerted your IT team to a critical infrastructure error plaguing your network. You ask them to drop their current work and focus on immediate remediation of this detected vulnerability. After further investigation,...

READ MORE »

Get the Weekly Cybersecurity Newsletter.