Governments play a key role in the continued operation of society. While getting a speeding ticket or paying taxes may not be anyone’s favorite thing to do, they contribute to the government’s ability to protect its citizens while maintaining its infrastructure and services. Cybersecurity is critical for all organizations and government agencies, as they may hold sensitive information on both individuals and key infrastructure. This raises cybersecurity to an imperative for the protection and operation of organizations.
Apart from the Departments of Defense and Homeland Security, many government agencies struggle with the same things that any organization would, such as lack of budget, potential overwork, burnout, and short-staffing. In 2022, the American government had a budget of $9.8 billion for cybersecurity, which has been increased to $15.6 billion in 2023. Much of this money has been dedicated to defense departments, such as the agencies listed above, with around 10% of the budget being allocated to agencies deemed as public administration.
The defense departments serve important roles, including protecting commercial and economic stability. However, even though public administration is granted a lesser budget, 10% of a $15.6 billion budget deserves some attention. Fortra’s recent report, which is based on agencies that fall in the public administration sector, details nine ways threat actors have successfully performed cyber-attacks against almost 2,800 different agencies. The information in the report is relevant to organizations from all sectors, as cybersecurity is a necessity for organizations of all sizes.
Popular Exploits and Vulnerabilities
While there are no new attack vectors that made the list, the most popular attack vector utilized may surprise you. Of the almost 2,800 security incidents in 2022, 80% of the breaches were from external sources, and system intrusions surpassed social engineering as the top source of entry. In the private sector, we often see that phishing is the most prevalent attack path, so it is interesting to learn that government organizations are being exploited with different tactics. The threats which are detailed in this report are:
- Exploiting Misconfigurations
- Circumventing Password Security
- Finding Application and Software Bugs
- Phishing Attacks
- Social Engineering Attacks
- DDoS Attacks
- Exploiting Connected Devices
- Deploying Botnets
- Deploying Ransomware
This report describes the exploits, as well as potential points of entry used by the threat actors. By presenting this information in an easily digestible way, individuals from all levels of technical experience can reach a mutual understanding as to how these vulnerabilities can be exploited, the potential impacts, and realistic ways to reduce the likelihood of the exploit being utilized against them. While organizations from each sector will experience different complexity levels of cyber-attacks which have different end goals, the vulnerabilities discussed within the report are relevant to all levels of organizations and can help to deter beginner to mid-level threat actors.
While the report offers some important proactive strategies to combat the exploits, such as implementing penetration testing, utilizing red team simulations, patching outdated software, using multi-factor authentication, and automated vulnerability scanning, it is worth noting it is not a comprehensive list. Other critical yet easily implementable defenses are left out, such as firewall configurations, network segmentation, and user awareness training, to name a few. Talking about and referencing uncommon defense mechanisms can help those who are well versed in common attack vectors and mitigation techniques to potentially gain further insight into how to defend against those attacks more efficiently. Through continuing to seek information on attack vectors and defense mechanisms, you can deepen your own understanding and better protect your organization while also increasing your value to current and potential employers.
This report by Fortra does a good job of conveying statistical information and interpolating data to provide some realistic situations about how certain attacks may be successful, while also offering suggestions for minimizing the likelihood and impact of cyber incidents. All it takes for a threat actor to exploit a vulnerability is a single mistake from the defensive team, which opens a door for malicious actors to enter. While learning and reviewing information, it is important to not only learn the information, but also ask what lessons you can draw from it, as the information is truly only beneficial if we are willing to use it. Cybersecurity is constantly evolving and requires those who work in the profession to continually evolve and adapt along with the threat actors if they want to adequately protect their network and information.
To learn more about why governments are such attractive targets for cyber criminals and to gain additional insights on how to protect your government agency, you can read the latest report from Fortra’s Core Security here: https://www.coresecurity.com/resources/guides/ways-cyber-attackers-exploit-government-agencies
About the author:
Matthew McKenzie is currently a third-year student at Fanshawe College working towards acquiring an Ontario College Advanced Diploma in the area of Cyber Security. He enjoys designing, implementing, and maintaining network security projects. When not studying or working, Matthew is an avid video gamer and moviegoer.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.