Winvale Blog

3 Threats to the Government Cybersecurity Workforce and How to Mitigate Them

Written by Victor Nzeata | Mar 22, 2021 3:10:42 PM

Within the government’s cybersecurity workforce, you’ll find dedicated professionals who serve as contractors, civilians, or in the military. These professionals protect our national security, which makes them targets of malicious cyber actors seeking unauthorized access to information that is often restricted and housed in private military networks. With no other way to break into these networks, cyber actors use the government cybersecurity workforce as an avenue of approach, putting those professionals at risk of unintentionally exposing classified government data.

There are three main threats facing the cybersecurity workforce:

  • Phishing
  • Ransomware
  • Non-certified security professionals

Let’s discuss these threats and what you can do to mitigate them.

1. Phishing

The most targeted threat vector (the path by which a cybercriminal gains access to the government’s cybersecurity workforce) is email. Recent studies by Ernst & Young report that 22% of organizations see phishing as their greatest security threat.

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card details, or other sensitive details, by disguising oneself as a trustworthy entity in a digital communication.

Recent studies by Verizon report that phishing makes up 80% of all cyber-attacks and that 70% of breaches associated with our nation-state adversaries involve phishing.

Adversaries of the U.S. government choose phishing as their cyber weapon of choice. Phishing that deliberately targets a specific group, such as the government’s cybersecurity workforce, is known as spear phishing. Spear phishing emails are more effective because the adversary invests in extensive reconnaissance to add a personal touch to the email body.

Spear Phishing Emails

Spear phishing emails have five common characteristics:

  1. Authority: The adversary will impersonate high-level officials or system administrators.
  2. Intimidation: The adversary will describe administrative actions or consequences if the desired action is not performed.
  3. Consensus: The target is more likely to comply if the adversary claims that others are also participating.
  4. Scarcity/Urgency: The adversary will prompt the user to act or make a claim about a limited supply.
  5. Trust: The adversary will impersonate a familiar or trusted company/person when sending the phishing email.

To increase the rate of success, the adversary will combine two or three of these characteristics when crafting a phishing email.
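The five characteristics above can be turned into a simple triage heuristic for a mail-security team. The following is an added example written for this article, not code from Winvale or from the post’s author: it scores a message against the five characteristics and flags it when two or more are present, matching the observation that adversaries combine two or three of them. The keyword patterns, the organisation/domain allowlist, and the sample messages are all constructed assumptions for illustration, not a vetted signature set.

```python
import re
from dataclasses import dataclass, field

# Illustrative patterns for four of the five characteristics in the post.
# The keyword lists are constructed for this example; a real deployment would
# tune them against its own mail corpus.
PATTERNS = {
    "authority": [
        r"\b(it|system) (department|help ?desk|administrator)\b",
        r"\bchief information officer\b", r"\bsecurity office\b",
    ],
    "intimidation": [
        r"\baccount will be (suspended|disabled|locked|terminated)\b",
        r"\bdisciplinary action\b", r"\bfailure to comply\b",
        r"\bclearance (review|revocation)\b",
    ],
    "consensus": [
        r"\b(other|all|most) (users|employees|colleagues|personnel) have\b",
        r"\beveryone (else )?has\b",
    ],
    "scarcity": [
        r"\bwithin (the next )?\d+ (hours?|minutes?)\b", r"\bimmediately\b",
        r"\burgent\b", r"\bexpires? (today|tonight)\b",
        r"\bonly \d+ (left|remaining)\b",
    ],
}

# "Trust" is judged from headers rather than body text: the display name
# invokes a familiar organisation, but the address is not one of the domains
# that organisation actually sends from. The allowlist is a constructed
# assumption (example.mil is a placeholder domain).
TRUSTED_ORGS = {
    "help desk": {"helpdesk.example.mil"},
    "human resources": {"hr.example.mil"},
    "payroll": {"hr.example.mil"},
}


@dataclass
class Assessment:
    indicators: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # The post notes adversaries combine two or three characteristics;
        # a single hit (an urgent but genuine reminder) is not enough on its own.
        return len(self.indicators) >= 2


def sender_domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def assess(msg: dict) -> Assessment:
    """Score one message (dict with from_name, from_addr, subject, body)."""
    text = f"{msg['from_name']}\n{msg['subject']}\n{msg['body']}".lower()
    found = [name for name, pats in PATTERNS.items()
             if any(re.search(p, text) for p in pats)]
    display = msg["from_name"].lower()
    domain = sender_domain(msg["from_addr"])
    if any(org in display and domain not in doms
           for org, doms in TRUSTED_ORGS.items()):
        found.append("trust")
    return Assessment(found)


# Constructed sample messages (not real mail).
SAMPLES = {
    "phish": {
        "from_name": "IT Help Desk",
        "from_addr": "support@example-it-portal.com",
        "subject": "URGENT: mandatory password reset",
        "body": ("Your account will be suspended within 24 hours unless you "
                 "verify your credentials at the link below. All other "
                 "personnel have already completed this step."),
    },
    "reminder": {
        "from_name": "Human Resources",
        "from_addr": "noreply@hr.example.mil",
        "subject": "Annual training due",
        "body": ("Please complete your annual training immediately so it is "
                 "recorded before the reporting deadline."),
    },
    "benign": {
        "from_name": "Help Desk",
        "from_addr": "tickets@helpdesk.example.mil",
        "subject": "Ticket 4821 closed",
        "body": "Your printer issue has been resolved. Reply to this message if it recurs.",
    },
}


def triage(samples=SAMPLES) -> dict:
    """Assess every sample; returns {label: Assessment}."""
    return {key: assess(m) for key, m in samples.items()}


if __name__ == "__main__":
    for key, a in triage().items():
        print(f"{key:9} suspicious={a.suspicious} indicators={a.indicators}")
```

The threshold of two indicators is the useful part: a genuine HR reminder that says "immediately" trips only the scarcity check and is left alone, whereas the constructed phish trips all five, including the header-based trust check, because a "Help Desk" display name arrives from a domain the real help desk never uses.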

Ways to Mitigate Phishing

Strong Passwords: Because phishing attacks are more successful when they come from a trusted email address, a strong password on your own email account makes it harder for an adversary to compromise that account and send phishing emails from it.

Email Security: Ensure email content filtering is turned on, and do not click on links or download attachments from unfamiliar sources.

Verify the Sender: If unsure of the legitimacy of the sender, contact him or her through an alternative channel such as a phone call or a separately known email address.

2. Ransomware

Ransomware is malicious software that employs encryption techniques to lock a user out of their device/data. The user’s device remains inaccessible until a ransom (fee) is paid to the adversary.

Ransomware attacks have dramatically increased since the emergence of cryptocurrency and were responsible for over $20 billion in damages in 2020. Ransomware presents a risk to government employees with security clearances because it can be a tool for extortion.

Following a successful ransomware attack against a government cybersecurity employee, the ransom note on the screen can be customized for government employees. A ransom note provides information such as payment instructions and the consequences if the terms are not met. The adversary can write custom ransom notes that demand information in exchange for money.

Ransomware attacks can be especially impactful to national security when targeting a government cybersecurity professional. Information is a currency in this digital age and those with insider government knowledge are the targets of our nation’s adversaries.

Security professionals are trusted with knowledge of system vulnerabilities, missing/delayed security patches, and network architectures. As a result, an extorted government cybersecurity employee can provide the adversary with information that can lead to a cyber-attack.

Ways to Mitigate Ransomware

Software updates: Because most ransomware attacks exploit known vulnerabilities for which system patches are publicly available, keeping your devices updated with the most recent security patches is a good security practice.

Redundancy: Performing regular system backups will allow you to revert to a version of your data from before the ransomware attack.

Beware of Rogue USBs: Ransomware can be delivered by placing infected USB drives in public places, so beware of plugging an untrusted USB device into personal or work devices.

3. Non-certified Cybersecurity Professionals

Certified IT professionals must sign and adhere to a professional code of ethics as a term of certification. This code of ethics deters unethical actions, and a candidate’s acceptance verifies their acknowledgement of the consequences of violating it.

Violations to the code can result in loss of all licenses issued by the certification vendor and the individual may be banned from attaining future IT security certifications. Certified professionals have more to lose because unethical actions can be directly reported to their certification vendors. A revoked license will also prevent the insider threat from pivoting to future security positions that require an IT security certification.

The Department of Defense (DoD) Directive 8140 was established to mitigate the risk of uncredentialed personnel residing in IT security positions. Cybersecurity professionals lacking the certifications listed within DoD 8140 violate this directive and introduce risk to the government.

Benefits of Choosing Certified IT Cybersecurity Professionals

  1. Ensures compliance with the Department of Defense Directive 8140
  2. The candidate’s cyber aptitude is measured against a global standard
  3. Promotes an ethical security hiring culture by blacklisting potential insider threats
  4. Maintains professional development through continuing education
  5. More likely to recognize a cyber threat even in non-IT roles

As a veteran-owned small business, Cyber Brain Academy was founded with government service at its core. Certification trainings offered by Cyber Brain Academy can decrease your risk of a cyber-attack due to untrained government employees. IT security certifications teach the latest tools and techniques to defend against cyber adversaries.

Trainings offered by Cyber Brain Academy are approved by the DoD 8140 to ensure each government cybersecurity personnel maintains federal compliance and can defend against emerging cybersecurity threats.