Within the government’s cybersecurity workforce, you’ll find dedicated professionals who serve as contractors, civilians, or in the military. These professionals protect our national security, making them the target of malicious cyber actors who are trying to gain unauthorized access to information that is often restricted and housed in private military networks. With no other way to break into these networks, cyber actors use the government cybersecurity workforce as an avenue of approach, putting them at risk for unintentionally exposing classified government data.
There are 3 main threats that face the cybersecurity workforce:
Let’s discuss these threats and what you can do to mitigate them.
The most targeted threat vector, or path where a cybercriminal can gain access to the government’s cybersecurity workforce, is email. Recent studies by Ernst and Young report that 22% of organizations see phishing as their greatest security threat.
Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card details or other sensitive details, by impersonating a trustworthy entity in a digital communication.
Recent studies by Verizon report that phishing makes up 80% of all cyber-attacks and 70% of breaches associated with our nation-state adversaries involve phishing.
Adversaries of the U.S. government choose phishing as their cyber weapon of choice. Phishing that deliberately targets a specific group, such as the government’s cybersecurity workforce, is called spear phishing. Spear phishing emails are more effective because the adversary performs extensive reconnaissance to add a personal touch to the email body.
Spear phishing emails have five common characteristics:
To increase the rate of success, the adversary will adopt 2-3 of these characteristics when crafting a phishing email.
Strong Passwords: Because phishing attacks are more successful when they come from a trusted email address, a strong password can prevent the hack from taking place.
Email Security: Ensure email content filtering is turned on, and do not click on links or download attachments from unfamiliar sources.
Verify the Sender: If you are unsure of the legitimacy of the sender, contact him or her through an alternative channel such as a phone call or an alternative email address.
Ransomware is malicious software that employs encryption techniques to lock a user out of their device/data. The user’s device remains inaccessible until a ransom (fee) is paid to the adversary.
Ransomware attacks have dramatically increased since the emergence of cryptocurrency and were responsible for over $20 billion in damages in 2020. Ransomware presents a risk to government employees with security clearances because it can be a tool for extortion.
Following a successful ransomware attack against a government cybersecurity employee, the ransom note on the screen can be customized for government employees. A ransom note provides information such as payment instructions and the consequences if the terms are not met. The adversary can write custom ransom notes that demand information in exchange for money.
Ransomware attacks can be especially impactful to national security when targeting a government cybersecurity professional. Information is a currency in this digital age and those with insider government knowledge are the targets of our nation’s adversaries.
Security professionals are trusted with knowledge of system vulnerabilities, missing/delayed security patches, and network architectures. As a result, an extorted government cybersecurity employee can provide the adversary with information that can lead to a cyber-attack.
Software Updates: Because most ransomware attacks exploit known vulnerabilities for which system patches are publicly available, keeping your devices updated with the most recent security patches is a good security practice.
Redundancy: Performing system backups will allow you to revert to an earlier version of your data from before the ransomware attack.
Beware of Rogue USBs: Ransomware attacks can be carried out by placing infected USB devices in public places, so be careful when plugging an untrusted USB device into personal or work devices.
Certified IT professionals must sign and adhere to a professional code of ethics as a term of certification. This code of ethics deters unethical actions, and a candidate’s acceptance verifies their acknowledgement of what counts as a violation.
Violations of the code can result in the loss of all licenses issued by the certification vendor, and the individual may be banned from attaining future IT security certifications. Certified professionals have more to lose because unethical actions can be directly reported to their certification vendors. A revoked license will also prevent the insider threat from pivoting to future security positions that require an IT security certification.
The Department of Defense (DoD) Directive 8140 was established to mitigate the risk of uncredentialed personnel residing in IT security positions. Cybersecurity professionals lacking certifications listed within the DoD 8140 violate this directive and introduce risk to the government.
As a veteran-owned small business, Cyber Brain Academy was founded with government service at its core. Certification trainings offered by Cyber Brain Academy can decrease your risk of a cyber-attack due to untrained government employees. IT security certifications teach the latest tools and techniques to defend against cyber adversaries.
Trainings offered by Cyber Brain Academy are approved by the DoD 8140 to ensure that all government cybersecurity personnel maintain federal compliance and can defend against emerging cybersecurity threats.