This article is an excerpt from GovLoop’s recent guide, “How to Play Your Role in Cybersecurity.” Download the full guide here.
The 2018 “Enhancing the Resilience of the Internet and Communications Ecosystem” report to the president clearly states:
“To enhance the resilience of the Internet and communications ecosystem against distributed threats, all stakeholders must recognize and be prepared to execute their roles and responsibilities.”
Cybersecurity is not a strategy to be executed in the back offices of agency IT departments. While technology and security professionals continue to play a leading role in securing government information, cybersecurity depends on every agency employee today. The escalation of cyberattacks, both in volume and sophistication, makes it imperative that every public servant has an eye on security.
Frontline employees must secure their devices, follow cyber hygiene protocols and help identify potential insider threats in real time. Procurement professionals must ensure that everyone has the right technology and that it’s easy to secure from the time of deployment. Agency leaders must create and enforce robust cyber policies that tackle threats holistically, coordinating across technological, organizational and cultural aspects.
Here are a few statistics that highlight the state of cybersecurity in government.
Risks and Attacks
State and Local:
FY 2016 Agency-reported incidents by attack vector:
- Other 11,802
- Equipment loss or theft 5,690
- Web-based attack 4,868
- Improper usage 4,130
- Email/phishing 3,292
- Impersonations/spoofing 64
Prevalence of cyberthreats across state governments:
- Phishing, pharming and other related variants 47%
- Social engineering 42%
- Ransomware 29%
- Increasing sophistication and proliferation of threats (e.g., viruses, worms and malware) 14%
- Exploits of vulnerabilities from unsecured code 8%
- There was a 56% decrease in reported security incidents in 2016
- 30,899 cyber incidents led to the compromise of information or system functionality in 2016
Strategies and Funding
State and Local:
- 62% of state government respondents said a lack of skilled personnel is a “major challenge”
- Established and funded 43%
- Not in place 32%
- Established, not funded 21%
- In progress 4%
- Training and awareness 39%
- Monitoring/security operations centers 37%
- Strategy 29%
- Governance 29%
- 7,500 cybersecurity and IT employees were hired by agencies in 2016 versus 5,100 in 2015
- 100% of CFO Act agencies implemented policy to ensure that all employees with access to information receive privacy training
- 90% of non-CFO Act agencies implemented policy to ensure that all employees with access to information receive privacy training
- $19 billion was allocated for cybersecurity in the 2017 budget
- 70% of federal agencies have employed strong anti-phishing and malware capabilities to help safeguard their networks from malicious activity
- 81% of government users now use multifactor Personal Identity Verification cards to access federal networks
Cybersecurity is a journey during which strategies must change along with on-the-ground dynamics and escalating risks. To ensure that your agency is maintaining the most effective, organization-wide cybersecurity strategy, make sure your employees — from the frontline analyst to the highest-ranking executive — are involved in the process of cybersecurity.