Several high-profile data breaches recently have put the spotlight on organizations’ data and network security more than ever. Most recently, unidentified attackers breached an Italian company called Hacking Team that sells spyware to governments and other organizations, threatening the company’s networks and potentially its clients. A number of government agencies have been among those recently threatened. In early July, Katherine Archuleta, the director of the US Office of Personnel Management, resigned from her post after two data breaches surfaced that together compromised the personal information of more than 25 million federal employees. And just two months earlier, the IRS suffered a security breach that allowed hackers to obtain tax-return information on 104,000 taxpayers.
Following Archuleta’s resignation, the Obama Administration ordered a “30-Day Cybersecurity Sprint” to tighten network defenses and relieve spending cuts hampering the defense efforts. While some strides were made, including increased use of smartcard and dual authentication access, some agencies made only limited progress during the month-long push.
These recent cyber attacks have proven that even government agencies are not safe, and they are a major reason why government agencies spent as much as $47.4 billion on IT in 2013, making it their third largest spending category, according to Government Executive magazine. Cybersecurity is becoming increasingly important as more people put their private information online and entrust the government with sensitive data, so spending on network protection services and equipment will remain a significant portion of the government’s total IT spend. According to Nextgov.com, Obama’s fiscal 2016 budget request would increase cyber spending by 11 percent, bringing total information security investment to $14 billion.
Despite the urgency, the cybersecurity bill currently with the Senate will be pushed out another month without a decision. Before heading into August recess this week, the Senate couldn’t come to an agreement on the cybersecurity bill’s amendments; objections from privacy advocates also stifled movement. “There should be concern about [another cyber attack on the government or the private sector],” Missouri Republican Senator Roy Blunt told the New York Times. “Should there be a major attack in August, voters could wonder why the government didn’t try to do something to prevent it.”
Until the bill is passed and greater measures are implemented, there are steps organizations can take to protect their networks and data.
Leverage Security Services
According to market research firm IBISWorld, government agencies can limit their exposure to this escalating risk without overextending their budgets by procuring the right services and equipment at the right time.
Organizations can use data privacy consulting services and data center services to help them design and manage secure network databases. “Government agencies in need of data privacy consulting and data center services are encouraged to enter long-term contracts now, prior to future price increases,” said IBISWorld research analyst Andrew Krabeepetcharat. “Buyers can achieve additional savings by bundling other goods and services, such as IT network design and management and data processing services, into their orders.”
In addition to data protection services, there is a range of network services and equipment that organizations can invest in to improve digital security. For example, network planning and design services, which include the evaluation of network requirements, network architecture selection and product and technology recommendations, can help organizations build networks that are resistant to hacking. Says Krabeepetcharat, “Buyers can bundle additional services and products with their network planning and design services to encourage suppliers to come down on price. Because network planning and design is a highly specialized service, buyers should be sure to devote considerable time to researching appropriate suppliers.”
Invest in Hardware
Another important security purchase is network security equipment to help prevent the theft of data from computer networks. Network security equipment can help agencies improve e-mail and web security, mobile security, security management and secure access control. Although IBISWorld reports that prices for the equipment have been falling, some related services, like installation, maintenance and support services, will be required with purchase and, thus, push up the total cost of ownership, depending on the scale and complexity of the network security equipment purchased.
Lastly, as the use of and access to the internet has increased, firewall hardware has become a necessity for most large organizations. Firewall hardware can help protect government agencies’ computer systems, information and data from outside parties by filtering incoming information and data from the web. Says Krabeepetcharat, “Agencies are advised to purchase firewall hardware sooner rather than later to start preventing cyber attacks and capitalize on current prices before anticipated rises.”
These days, mobile devices are increasingly used to store and access a huge amount of data, and that data is extremely valuable. Dangerous malware can get on devices in two ways: an attacker gains physical access to a device, or a user downloads an unauthorized app via an e-mail, SMS message or other message.
Fortunately, there are steps to prevent malware from accessing devices. Lookout Inc., a producer of spyware for smartphones, offers these tips:
- Use passcodes – at minimum – on laptops, mobile phones and other devices. A lot of spyware sold on the market requires that attackers have physical access to the targeted devices to install this software. Using passcodes or other authentication procedures on devices makes it that much harder for attackers.
- Don’t download apps from untrusted third-party marketplaces or links online. Spyware can be distributed through all of these means, so only download from official and vetted marketplaces. Additionally, organizations are encouraged to enforce policies around standard operating environments in the workplace that prevent users from downloading or running personal or unauthorized programs.
- Don’t use “jailbroken” devices because they are inherently less protected and are more vulnerable to attack when security protection measures aren’t properly enabled. Instead, purchase phones that are not locked to specific wireless carriers from authorized sellers.
- Invest in spyware software that monitors systems and devices and stops attacks before they do harm.