Ransomware is quickly becoming the favored means for criminals to extract a profit from unsuspecting villains – most notably in the public sector. Throughout 2017 ransomware grabbed the headlines – WannaCry, Petya, etc. – both of which targeted government agencies. When they succeed the implications can be serious.

Microsoft Active Directory is a critical tool that helps system administrators manage user privileges and secure their IT infrastructure, yet Active Directory presents several security challenges. Most problematic is that Active Directory’s attack surface is huge. Targets for attack include every domain name user account, admin and security group, domain controller, backup, admin workstation, and admin delegations and privileges. If any one of these targets is compromised, your entire Active Directory can be compromised too.

The Threats

Microsoft Active Directory is a critical tool that helps system administrators manage user privileges and secure their IT infrastructure, yet Active Directory presents several security challenges. Most problematic is that Active Directory’s attack surface is huge. Targets for attack include every domain name user account, admin and security group, domain controller, backup, admin workstation, and admin delegations and privileges. If any one of these targets is compromised, your entire Active Directory can be compromised too.

The Threats

Ransomware tops today’s list of security concerns for governments, and no agency is immune. Just look at the statistics:

• Cook County, Chicago was a victim of last year’s WannaCry ransomware attack.
• St. Louis Public Library was hit with ransomware, demanding $35,000 in Bitcoin.
• Bingham County, Idaho paid out #3,000 in ransomware to restore its servers.

Cybersecurity skills shortages are nothing new. But new research shows that they are creating recruiting chaos.

How secure is your user access to AWS infrastructure and workloads? Security to protect every user’s access to apps, endpoints and infrastructure when moving to the cloud is a hot topic. AWS’ shared responsibility model means that security and compliance is just that, shared between AWS and the customer.

When it comes to network modernization and security, federal IT may be experiencing a case of dueling personalities. On one side, network modernization is essential to a better security posture. This is because outdated legacy IT systems are more prone to vulnerabilities and were never designed to handle today’s threat landscape. However, the very act of modernizing networks may actually be making those networks less secure, at least in the short term.

From Equifax to Yahoo, WannaCry and Petra, every month seems to bring with it yet another high-profile attack. Vendors roll out patches and fixes, and questions are asked across the political and security communities.

There’s a lot of buzz about blockchain these days, even in government. In fact, we predict that 2018 will be the year of blockchain in government. Blockchain’s inherent security makes it resistant to data manipulation, making it a great tool for securely recording transactions between two parties, everything from medical records, contracts, transactions, even online voting.

No sooner do you have your arms around one cybersecurity vulnerability then another surfaces. This time it’s Meltdown and Spectre, both of which can cause data leak from kernel memory. These vulnerabilities are particularly worrying since they impact practically all computers and involve multiple IT vendors including processor players Intel, AMD, Qualcomm, and ARM.