To improve the federal government’s cybersecurity posture, the Department of Homeland Security created the Continuous Diagnostics and Mitigation (CDM) program.  On September 6, the House of Representatives voted to codify CDM, and barely two weeks later, the White House’s National Cyber Strategy assigned to DHS still more authority over cybersecurity in the United States.  What’s more, government contractors are winning 9- and 10-figure CDM contracts, so it’s clear that CDM’s time has come.

Fear of digital sabotage of the mid-term elections has become the biggest cybersecurity talking point of 2018. With the latest election security bill stalled in Congress and suspicions that Russia (and possibly others) are still seeking to sow divisions among the U.S. electorate, voters and political organizations are right to be worried.

2018 marks the 15^th year of the National Cybersecurity Awareness Month, a government/industry effort – observed every October – that works to ensure every American has the resources they need to “be safer and more secure online” and educating everyone about the roles they play in helping to safeguard the internet.

As hackers get more sophisticated, endpoint protection (EP) systems have grown more sophisticated. While no one claims to catch everything, endpoint protection matures each year. Let’s see what modern EP products have to do these days.

Each year, the cyber security community puts out new statistics on data breaches. While certain sectors face a different mix of threats, many of them evolving year-after-year, once constant remains – the deficit between the time a system is compromised and the time that breach is discovered.

Government agencies are moving to the cloud. It’s been a recurring message for a number of years, but in 2018 new statistics from Gartner give us concrete data on cloud spend: local governments spend 20.6% of their IT budget on cloud, while national governments spend 22%.

In a year in which we’ve witnessed the carnage of the Atlanta ransomware attack and U.S. government agencies remain on high alert about possible Russian cyber-attacks against U.S. critical infrastructure and electoral systems, new research shows that the cybersecurity landscape is evolving quicker than agencies can respond.

On Tax Day, 2018, the unthinkable (but not unexpected) happened. The IRS’ IT system crashed after a hardware issue took down a number of apps including those that interface with third-party tax preparation software as well as the IRS Direct Pay application.

IRS IT Systems are Decades Old

Shortly after the federal government suffered it’s largest and costliest data breach ever at the Office of Personnel Management (OPM), a post-mortem analysis found that the breach was entirely preventable, and the exfiltration of security clearance files of government employees and contractors could have been prevented through the implementation of two-factor authentication for remote log-ons.

Movies and TV would have us believe that data breaches are long, hard-fought battles between the good guy and the bad guy—and the bad guy wins. That could not be further from reality. Hackers are opportunistic. They want to spend as little time as possible getting into the system, getting what they need, getting out, and exploiting it as fast as possible.