BreachExchange mailing list archives

Mistakes by workers undermine the efforts to safeguard US federal data against hackers


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 18 Nov 2014 19:02:50 -0700

http://www.dailykos.com/story/2014/11/15/1345118/-Mistakes-by-workers-undermine-the-efforts-to-safeguard-US-federal-data-against-hackers?de

Due to an increasingly large number of cyber attacks, a $10-a-year effort
to safeguard sensitive and secret US government data, from Social
Security numbers to military secrets, is struggling to keep pace and is
continuously being undermined by federal employees and contractors. In
fact, reports also suggest that workers scattered across more than 11-12
agencies, from the education and defence departments to the National
Weather Service, are responsible for more than half of the cyber incidents
faced by the federal government in the year 2010, as per the Associated
Press analysis of records.

Cyber glitches made by the employees

Studies reveal that they have clicked links in useless phishing emails,
clicked on malware-laden websites and were also vulnerable to scammers
who successfully obtained some secret private information. There was an
employee who was redirected to a harmful site after he clicked on a video
of tennis star Serena Williams. A few employees act intentionally; most
famously, former National Security Agency contractor Edward Snowden
downloaded and leaked documents that revealed the collection of phone
numbers and email records by the government. There was another contractor
who lost equipment containing confidential information on millions of
Americans, including Robert Curtis, of Monument, Colorado.

String of doubts on the federal government – Slip of duty during a crucial
time

2014 is a time when, according to intelligence officials, cybersecurity
is the most effective way of stopping terrorism, which poses the No.1
threat to the US. At a time when breaches at businesses like Home Depot
and Target focus attention on data security, the federal government
shouldn't take part in publicizing its own data losses. In order to
determine the extent of federal cyber attacks, the AP filed a number of
Freedom of Information Act requests, interviewed hackers, cyber security
experts and other government officials, and obtained documents that
described digital cracks within the main system.

Fears about breaches have existed since operations were shifted to computers

A review shows that more than 40 years after the first federal data
protection laws were enacted, the federal government is still struggling
to mend the loopholes in its knowledge, its staff and its entire system so
that it can outwit an ever-evolving enemy. In fact, there have been fears
about breaches since the late 1960s, when the government started shifting
its operations onto computers. Although officials came up with software
designed to sniff out malicious attacks, attackers have always found a way
of exposing millions of sensitive and private government records.

From 2009 to 2013, the number of reported breaches on federal computer
networks rose from 26,943 to 46,605, as per reports by the US Computer
Emergency Readiness Team. Last year, US-CERT responded to a total of about
228,000 cyber incidents among federal agencies, contract partners and
companies that run critical infrastructure. This is more than double the
attacks and incidents that occurred within the federal government.

In a recent discussion, the federal government acknowledged that it will
continue to face such human-driven attacks unless education is spread
across the whole workforce. Although the federal government has agreed to
spend about $65 billion on cyber-security contracts between 2015 and 2020,
many experts believe that the effort isn't going to counter a growing pool
of hackers whose motives will be very different. Hence, we see how the
mistakes of federal employees can lead to such a big glitch across the
entire US market.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
