The immense number of sophisticated cyber-attacks against governments has highlighted the cybersecurity approach as a critical focus area within state leadership. The 2018 cybersecurity report released by Cisco reveals the increasing number of cyber attacks against the US government. From ransomware to cryptojacking, these attacks compromise excessive sensitive data managed by federal agencies and other state departments.
Hackers could be behind the execution of the cyber attacks against any government; however, there are broader chances that a state enemy is looking for sensitive data to exploit it. For instance, Russian hackers attacked the State Department email system in 2015. This incident is one of the worse cyber attacks in which 5.6 million American fingerprints were stolen, as reported by the Office of Personnel Management.
Such incidents and attacks raise questions against government planning and their less focus on the cybersecurity framework. However, it is necessary to figure out that what exactly causes the execution of potential cyber attacks.
Frail Cybersecurity planning
Most of the state governments are not eager to strengthen the cybersecurity for citizens. Instead, they focus on increasing privacy laws, which could provide security to some extent but tend to be more surveilling than anything else. Also, there are many nations like China, Iran, and others, which highly oppose the use of security tools such as VPN, and even they have declared VPN illegal, which has left Internet users more prone to threats.
Every government fancy cybersecurity and mention it as a significant need for the state’s success. However, there are fewer cases when we see a governmental plan reflecting cybersecurity awareness or the plans, which address the prompt solution after a sudden cyber attack.
Privacy planning against cybersecurity threats also needs a consistent update. Because of the fast technological pace, attackers are getting more privilege and capability to exploit the vulnerability. Therefore, the simultaneous revision and invigoration are necessary for cybersecurity planning from the government.
The absence of Deep Access to Security Lacks
Plans always need a prior analysis of the issue, whereas, the cybersecurity plan demands extra efforts. Although there are some effective conventional and generic security measures, every system has specific vulnerabilities.
The state governments commonly ignore the importance of problem detection, which could leave the strategic plan incompetent. Even if governments develop IT plans, they usually focus on some regular aspects such as infrastructure management.
Early vulnerability detection is highly beneficial for cybersecurity and could help in placing accurate security measures as well as in preventing potential data loss.
Addressing the Issue
Even though the governments should have strong cybersecurity planning and prior vulnerability analysis, the presence of both could be useless if the state government is unable in early detection of cybersecurity disturbance.
The appropriate issue analysis and threat report could not be achieved by just focusing on simple technological lacks. There are more components, which share a huge part in cybersecurity, for instance;
- The insurance that the members of law enforcement have proper security awareness is trained for the sudden
- Keeping a check that the systems are evaluated and monitored in real time.
- Monitoring that team addresses risk in the least possible time to avoid higher loss.
The security aspects governments mostly ignore, somewhere relates to the human training. However, many experts suggest the proper staff training as the most cost-effective way to execute a strong cybersecurity plan.
Best Practices for Cybersecurity
The overlooked aspects by most state governments could prove to be the potential improvements for cybersecurity if they are taken seriously. However, some of the vital recommendations to state governments for cybersecurity planning are:
- Access the citizen and employee data kept by the government to analyze the level of privacy and security. The federal agencies should have the data inventory project including the data classification of internal and external clouds and the managing mobile devices.
- Develop a strong cybersecurity framework and inspect vulnerabilities such as resilience against botnets and other automated, distributed threats.
- Keeping an eye on the government cybersecurity policies that whether they support the progress and conservation of the workforce or not. Also, check that the team is well-trained for cybersecurity and related fields or not. Such practice could provide as a foundation for achieving government objectives in cyberspace.
- Training the staff of federal agencies and other government departments so that they are efficient in managing sensitive government as well as citizen data. A well-aware workforce could better comply with government security policies.
Neglecting the cybersecurity threats could cost the citizen data along with the governmental loss. Therefore, to maintain citizen trust, the governments should not neglect the cybersecurity planning. Also, governments could find great help in the NIST (The National Institute of Standards and Technology) guide, “The Cybersecurity Framework – Implementation Guidance for Federal Agencies.”
Zehra Ali is a Tech Reporter and Journalist with 2 years of experience in infosec industry. She is also the Editor at PrivacySniffs.
Comment this news or article