2022 was a noteworthy year for the technology sector, particularly as it relates to cybersecurity. The post-pandemic era of modernization exposed the fragility of U.S. public sector technology infrastructure and systems, widening attack surfaces and posing additional challenges for state, local and education leaders. We have witnessed the whole gamut of continually evolving security threats, ranging from election security breaches, nation-state actors, threats to critical infrastructure, ransomware attacks, hacktivism and more.

The Cybersecurity and Infrastructure Security Agency (CISA) has seen increased malicious activity with ransomware attacks against K 12 educational institutions. Malicious cyber actors target school computer systems, slowing access, and rendering the systems inaccessible to essential functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.

Ransomware attacks on US government organizations cost $18.9bn in 2020.

TD Synnex Public Sector’s Chief Cybersecurity Technologist, Don Maclean sat down with Mark Guntrip, Senior Director of Security Strategy at Menlo Security, to discuss one of the latest emergent security threats.

2022 is ending, and it is time for U.S. public sector leaders to reflect on lessons learned while planning for the upcoming state and local government fiscal year-end. This year’s NASCIO Annual Conference highlighted the post-pandemic technology trends and challenges that are defining 2023 policy agendas and the future of technology acquisitions. The conference referenced the State Chief Information Officer Survey which assessed state CIOs’ thoughts on a wide array of topics that affect their roles as public sector technology and business leaders in today’s modern world.

“We must find fresh ways to connect forces, allies, and partners that provide an effective response to the challenge of a highly contested environment not seen in the last 20 years. Given the challenges we face today and in the future, we simply have no choice but to become more interoperable,” said General CQ Brown JR., U.S. Air Force Chief.

Cybersecurity Maturity Model Certification (CMMC) 2.0 is here. If your company is not prepared, the time to get ready is now, or your company may risk losing business with the Department of Defense (DoD).

The CMMC program requires cyber protection standards for companies in the Defense Industrial Base (DIB) and aims to protect sensitive unclassified information that the DoD shares with contractors and subcontractors.

Every year, there are more and more security breaches, and it gets harder and harder to spot them. According to a leading cybersecurity vendor¹, it takes almost seven months for organizations to find breaches, which gives malicious attackers plenty of time to get what they want.

Most often, system misconfigurations like default settings or credentials leave the door wide open for exploitation, resulting in these breaches. As organizations grow, this problem only gets worse because quick changes frequently result in skipped steps.

Security is paramount in the digital age, especially when it comes to keeping networks secure. Having network security monitoring services stand between your organization and malicious attackers is crucial. Still, the volume of alerts and issues that come with them can easily overwhelm your team.

The volume of these alerts is rising every year too. According to a report by TrendMicro, 54% of teams surveyed felt like they were drowning in alerts, and 27% said they spent most of their time dealing with false positives.

Implementing zero trust may seem daunting, but it is also an opportunity to integrate more secure coding practices into your software applications from the start. Zero-trust security assumes that all traffic on your internal network is potentially malicious. Consequently, it requires taking measures to:

The rise in a remote workforce and use of cloud-enabled business applications equates to the browser essentially becoming our office, providing access to all necessary tools, data, and communications. Threat actors understand this paradigm shift and are now utilizing Highly Evasive Adaptive Threats (HEAT) to initiate ransomware, extortion ware, and other endpoint intrusions.

HEAT attacks are the next generation of cyber threats.