One of the most pressing challenges facing government agencies is the ability to guard against cyberattacks. GovLoop’s recent cybersecurity event covered some of the findings from our recent GovLoop report, and connected industry and public sector professionals to collaborate and share best practices to improve government’s security.
During the industry panel, Andy Bonillo, Director of Cyber Security and Public Safety, Verizon’s Public Policy, Law and Security, and Derrick Dickey, Identity and Access Management Specialist, Dell Software, spoke about what they are hearing in terms of challenges from their public sector clients. They also participated in a Q & A with the government audience.
Understanding Where 92% of Cyber Threats Come From
Bonillo provided an overview of the 2014 Data Breach Investigations Report (DBIR). First published in 2008, Verizon’s report is a comprehensive look at cybersecurity trends facing public and private sector agencies. The report includes:
- Insights from 50 global organizations and 95 countries
- Statistics from 1,367 confirmed data breaches
- Data from 63,437 security incidents
One statistic that the report notes: “The universe of threats may seem limitless, but 92% of the 100,000 incidents we’ve analyzed from the last 10 years can be described by just nine basic patterns.” The report provides key strategies and best practices to overcome the nine cyber patterns that are identified.
The Importance of Password Management
Dickey spoke quite a bit about the importance of proper password management. In our report, we talk about this variable as well. For government agencies, it’s a difficult challenge to maintain proper password management. It’s not like in our personal lives, where it’s as easy as clicking the password reset button. Often, there are multiple people working on projects at different times. So in order to remain secure, vendors must constantly be given access to programs or removed from them. That’s why onboarding and off-boarding is an important practice that agencies need to focus on.
“Make sure that once someone leaves an agency, their credentials are removed, their password is gone and a new password generated and provided to team,” said Dickey. Remarkably, he also noted that the longest password he has seen is 127 characters.
Another best practice revolves around identity management. “You need to know who is who, what is what, and what they are doing [on the network],” said Dickey.
Protect Your Data
But it’s not always just about the kinds of threats and password management. “A big question that I have been getting is, do you have a solution that can actually separate the data, and who can access the data?” said Dickey. This challenge extends beyond government and forces agencies to think more about how to protect their information.
GovLoop offers many resources on cybersecurity. We know it’s a complex world, but here are a few resources to help you get smart and learn from your peers. For more coverage of the sessions at GovLoop’s recent cybersecurity event, click here, and download GovLoop’s recent Cybersecurity Guide here.