Cybersecurity

Password mismanagement still at the heart of security issues

While many government employees reuse credentials that have been compromised and put online, one expert warned MFA is not the “silver bullet” solution.

Report: Increased remote work for many governments also raises cyber risks

Roughly one-third of government employees believe “their actions don’t matter when it comes to security,” according to a new survey.

New bills look to help small water systems tap cybersecurity assistance

New legislation looks to set aside $10 million to help subsidize fees for small utilities to join the Water Information Sharing and Analysis Center.

Acting national cyber director offers new details on upcoming cyber workforce strategy

The forthcoming plan is meant to accompany an overarching cyber strategy released last week that industry groups and cybersecurity experts said would be challenging to implement given the nation’s cyber workforce woes. 

NIST renews cyber center partnership, launches small business focus

The agency renewed its partnerships that support the National Cybersecurity Center of Excellence and launched the NIST Small Business Cybersecurity Community of Interest.

Lawmaker: Schools need federal advocate to negotiate cyber contracts

Sen. Ron Wyden penned a letter to Education Secretary Miguel Cardona, asking the agency to assist U.S. schools in drafting cybersecurity and data protection contracts with technology firms.

How data breaches lead to fraud risk

By understanding the type and severity of data breaches, agencies can see where they should focus their efforts to curb identity fraud and prevent further victimization.

National cyber strategy ‘promising’ for state, local governments

While some groups applauded the Biden administration’s pledge to prioritize cybersecurity and help small governments fight attacks, others said more technical assistance and federal funding is needed.

EPA releases water systems cyber requirement in tandem with national strategy

The Environmental Protection Agency unveiled new cybersecurity guidelines to help states evaluate their water sanitation systems’ defenses.

Ransomware payments decreased in 2022 as criminals used other extortion tactics

A report from Recorded Future found that, even as ransomware continues to pose a global challenge for individuals and organizations, threat actors are increasingly using other methods to steal sensitive data and demand payments from victims.

Drone cybersecurity assessment program launches

The certification of commercial drones will help governments ensure the devices meet supply chain cybersecurity requirements.

Work with what you’ve got: Accelerating zero trust deployments

COMMENTARY | Because zero trust is founded on cybersecurity tenets like segmentation and identity management, state and local governments can adopt the strategy quickly and effectively.

Unpatched, known vulnerabilities still key driver of cyberattacks

Separate research reports find that vulnerabilities for which patches have already been issued remain hackers’ primary way into an organization.

Cyber criminals are increasingly exploiting cloud environments, report finds

A new CrowdStrike report found that hackers and digital adversaries are relying less on malware, and more on unpatched vulnerabilities and data weaponization.

White House to officially ban TikTok from government devices within 30 days

The guidance follows legislation Congress passed late last year that officially required federal agencies to ban TikTok after dozens of states moved to restrict the app on government devices.

Texas Public Safety agency sent at least 3,000 driver’s licenses to organized crime group targeting Asian Texans

A Chinese crime operation bypassed the password clues of Texas.gov by using stolen identity information to fraudulently obtain replacement driver’s licenses.

Building scalable, cost-effective application security

COMMENTARY | Automated scanning and remediation platforms can identify, fix and prevent security gaps and vulnerabilities at the software application and development levels.