SEWP Contract Guide
IT and Threat Reduction Evolve Together
Innovative technology and sophisticated threats
Fshape cybersecurity.
ighting cyberthreats is a Trend Micro reports that fileless never-ending job. Whether it’s attacks grew by 256 percent over the
be almost anywhere in an agency’s environment — a Voice over IP (VoIP) phone, Wi-Fi printer, smart thermostat, network-attached storage device, or security camera. One report estimates that attacks on IoT devices tripled in the first half of 2019 alone.
Elsewhere, 5G wireless technology is overtaking the 4G mobile communications standard. The faster, advanced mobile technology is expected to support greater productivity, yet it also introduces risk. Its speed could induce workers
traditional ransomware or newer threats targeting 5G and internet- attached sensors, hackers continue to change their methods.
For federal agencies, keeping pace with cyberthreats isn’t the entirety of the battle. They also must comply with a growing list of regulations governing how to fight those threats. These dual challenges require a change in both the approach and technology agencies use to remain secure.
The variety of cyber incidents bedeviling federal organizations continues to grow. According to a recent report, government agencies have among the highest rates of breaches of any industry.
While ransomware and phishing attacks make up the majority of threats, hackers are changing their methods and introducing new types of attacks. They are using artificial intelligence and machine learning to continually change their code, making it undetectable, able to bypass filters and capable of hiding in everyday applications.
Hackers also are continually creating new types of malware, some of which have grown significantly over the past year. Fileless malware, which uses existing applications
and protocols to deliver malicious payloads and infiltrate networks, is one of the fastest growing.
S-40
first half of 2019 alone.
IT modernization can inadvertently
increase vulnerability. Newer technologies adopted by agencies
to speed processes and improve productivity can be ripe for attacks. Internet-attached sensors, commonly called IoT (Internet of Things) devices, provide a large canvas for hackers to modify firmware and gain access, capturing data and infiltrating networks. IoT devices today can
The Human Element
You can have the most effective security tools available, but if you are oblivious to what your employees know and do, your infrastructure won’t be secure.
At minimum, security professionals should stay apprised of security trends and regulations – and communicate that information to the IT staff.
“If security is in their job title, they have to be actively reading and researching,” says Steve Thamasett, a senior federal field solution architect at CDW·G. “Vendors are there to help, but people have to actively participate. No vendor will understand the specifics of your environment better than you do.”
Users continue to be the weakest link in the security equation. Make phishing and social engineering awareness training a priority.
It’s also important to expand cyber awareness and cyber hygiene beyond the IT staff by creating and enforcing guidelines for all employees.
“Paying attention to the basics is important because simple things like misconfigurations of products you think are working correctly could leave you open to vulnerabilities,” Thamasett says. “It’s not hard to make mistakes like that if you aren’t careful.”
FCW | CUSTOM REPORT