By Sam Hutton, SVP, Glasswall
As ransomware attacks, insider threats, data breaches and phishing attacks against government agencies continue to skyrocket, organisations are at constant risk. Recent events such as JBS Foods, the Colonial Pipeline and SolarWinds in 2020 prove that organisations need to be aware of any vulnerabilities that could affect sensitive data.
Security risks for remote federal employees and government agencies
With discussion under way on keeping federal workers remote, there are concerns about the decreased level of precautions being taken against cyber risks and the legal implications associated with cyberattacks. The 2021 Thales Data Report: Global Edition stated that 82% of people expressed some level of concern while working remotely. This number is even higher for federal employees at 84%. Remote work can carry more risk of cyberattacks than office work because home connections are generally less secure, making it easier for cybercriminals to gain access. The report also notes that only 44% of employees were not confident in their existing security protocols.
For companies, organisations and government agencies, there can be legal repercussions for cyberattacks too. According to the Securities and Exchange Commission and the Commodity Futures Trading Commission, while state and federal regulations vary, there may be further reporting required depending on the conditions of the cyberattack and the type of data that was compromised.
The impact of malware on classified files
Malware operates by infiltrating a network through a point of weakness, beginning the journey of lateral movement. Bad actors understand this and will move through an organisation, undetected, attempting to gather as much data as possible. For federal agencies, documents that enter government systems at an unclassified point are viewable by a wider audience; however, once they enter a classification level, whether confidential, secret or top secret, there is a chance of malware being attached.
“Classified” denotes information specifically designated by a U.S. government agency for limited, restricted dissemination or distribution. When documents are moved up or down between confidentiality levels, there is valuable information at stake. If files that were previously unclassified carry hidden viruses, there is an opportunity for digital adversaries to break into top-secret networks and infiltrate government information. This could enable them to steal trade secrets or learn about secret foreign policies or military tactics, which in turn can put lives at risk.
SolarWinds, one of the most catastrophic cyberattacks in U.S. history, resulted in the hacking of major enterprises and government agencies, including the Department of Homeland Security and the Treasury Department, for over 14 months before being discovered. The hackers were able to break into the SolarWinds systems by inserting malicious code into a system known as “Orion”, which was commonly used by companies to handle IT resources. This code is what created an opening for the hackers to install malware that allowed them to spy on companies. Because of the stealthy nature of the hack, some of those involved may still be unaware. Bad actors know how to identify loopholes in the system to gain access to sensitive information. This further proves the value of implementing strict cybersecurity methods to ensure that sensitive data is protected. There need to be proactive, zero-trust cybersecurity methods in place as government documents go through the confidentiality cycle to ensure that all files are protected and monitored.
How Content Disarm and Reconstruction (CDR) technology can help
It is imperative that federal agencies take a proactive approach in their file security methods. CDR technology works to clean and rebuild files to a ‘known good’ industry standard by automatically removing potential threats. Reactive cybersecurity strategies such as anti-virus software and sandboxing are no longer effective enough to keep up with the growing sophistication of cyberattacks. In fact, they can actually place users in the direct line of attack and increase the pressure on teams to handle threats.
CDR helps assess the areas of weakness by rebuilding files and removing areas of vulnerability. For government agencies, it helps close up loopholes and allows leaders to focus on more important things such as policy making and strategy.
The hackers behind SolarWinds are still actively trying to break into federal agencies. Cyberattacks are expected to become more prolific and more sophisticated as attackers develop new strategies for getting into private networks. Although efforts are being made to improve the government’s cybersecurity, such as Biden’s recent Cybersecurity bill, which promises to develop a more comprehensive plan to mitigate risk, there is a crucial need to take steps to protect the safety of classified documents. If organisations implement a proper system of proactive cybersecurity, they will be better prepared to handle an attack when it comes.
About the Author
Sam Hutton, SVP, North America, Glasswall
“Sam prides himself on offering perfect partnership (and true collaboration) to organizations all over North America. Because with over 20 years’ experience in selling and delivering solutions to financial, security, defense and commercial sectors in this space, Sam knows even the most cutting-edge technology needs the best team of people to support it.”