Cybersecurity Is A Big Government Problem

The massive breach of the US Federal Office of Personnel Management systems that compromised the personal data of millions of Americans is still making headlines. But behind those headlines is a much bigger story about the US Government's systematic failure to protect itself from cybersecurity risks that have expanded at an alarming rate.
Perhaps nothing illustrates the challenge facing the government better than this chart from a Government Accountability Office testimony released in April that shows the number of information security incidents reported by federal government agencies in recent years:

 

Reports exploded between fiscal year 2006 and 2014, going from 5,503 to 67,168 -- an increase of over 1,100 percent, according to the testimony. Not all of those incidents represent breaches -- and only 27,624 of the incidents reported in 2014 involved personally identifiable information, the agency said. It's also possible that the chart actually shows the government is getting better at detecting when it has problems, rather than just actually having more problems. But it still clearly has some problems in that area, as evidenced by the OPM breach not being discovered until months after the initial incident, according to reporting by The Washington Post and others. Either way, the chart helps explain just how much constant vigilance is required to protect government systems. Unfortunately, the same testimony warned that government systems might not be up to the task:

For fiscal year 2014, 19 of 24 major federal agencies reported that deficiencies in information security controls constituted either a material weakness or significant deficiency in internal controls over their financial reporting. In addition, inspectors general at 23 of these agencies cited information security as a major management challenge for their agency.
Washington Post: http://wapo.st/1SNTztJ

 

« Insurance Tech Faces the Internet of Things Arms Race
First Ever EU Rules On Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Itaccel

Itaccel

IT Accel began a decade ago as a band of technical recruiters who wanted to bring our experience and depth of knowledge to solving complex human resou

Globalscape

Globalscape

Globalscape is a leader in secure data exchange solutions.

National Cyber Security Centre (NCSC) - Norway

National Cyber Security Centre (NCSC) - Norway

NCSC is part of the Norwegian Security Authority, and is Norway's national cyber security hub and the national CERT.

IBackup

IBackup

IBackup is a Web Based Online Backup service provider.

CLUSIF

CLUSIF

Clusif is the reference association for digital security in France. Its mission is to promote the exchange of ideas and feedback through working groups, conferences and publications.

Magtech Solutions

Magtech Solutions

Magtech Solutions is a one-stop IT Solutions provider offering Cloud Computing, IT Security, Unified Email Solutions and ERP systems.

National Accreditation Authority Hungary (NAH)

National Accreditation Authority Hungary (NAH)

NAH is the national accreditation body for Hungary. The directory of members provides details of organisations offering certification services for ISO 27001.

ENLIGHTENi

ENLIGHTENi

ENLIGHTENi are the platform to develop next-gen talent in Technology, Risk, and Cybersecurity. Our mission is to develop next-gen talent through challenge-based learning and team collaboration.

CyCognito

CyCognito

CyCognito empowers companies to take full control over their attack surface by uncovering and eliminating the critical security risks they didn't even know existed.

RackTop Systems

RackTop Systems

RackTop Systems is the pioneer of CyberConverged data security, a new market that fuses data storage with advanced security and compliance into a single platform.

Razorpoint Cybersecurity

Razorpoint Cybersecurity

Razorpoint’s world-class security experts have provided advanced, effective cybersecurity expertise to corporate and public-sector organizations around the world.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

UK Cyber Security Association (UKCSA)

UK Cyber Security Association (UKCSA)

The UK Cyber Security Association (UKCSA) is a membership organisation for individuals and organisations who actively work in the cyber security industry.

Nitel

Nitel

Nitel is a leading next-generation technology services provider. We simplify the complex technology challenges of today’s enterprises to create seamless and integrated managed network solutions.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.

Abacus Group

Abacus Group

Abacus Group is a global IT services firm for alternative investment firms, providing an enterprise technology platform specifically designed to meet the unique needs of financial services.