Though not officially confirmed, the U.S. State Department was reportedly a victim of a cyberattack.
The attack led the Department of Defense Cyber Command to send out notifications of this possible security breach, Infosecurity Magazine reports. In a series of tweets, Fox News journalist Jacqui Heinrich said, “It is unclear when the breach was discovered, but it is believed to have happened a couple of weeks ago… The extent of the breach, investigation into the suspected entity behind it, efforts taken to mitigate it, and any ongoing risk to operations remains unclear.”
Heinrich claimed a Department of State spokesperson said, “The department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”
Reuters reported that a knowledgeable source had said the department did not experience significant disruptions and its operations had not been disrupted in any way.
Commenting on the news, Timur Kovalev, chief technology officer at Untangle, says, “While ransomware attacks on high-profile entities like Colonial Pipeline and JBS Foods that cause significant disruption to society are front-page news, the attack on the U.S. State Department is a good reminder that attacks can happen to anyone. Government, healthcare and small businesses are all targets and need to be aware of threats and take action to protect their businesses.”
Earlier this month, a Senate Homeland Security Committee report rated the State Department’s overall cybersecurity a ‘D,’ one of the lowest possible ratings. The report states the State Department was “ineffective in four of five function areas including a Level 1, “Ad-hoc” maturity rating for detection capabilities. This is the lowest possible rating within the Federal Government’s maturity model.”
Among other findings, the report claims the Inspector General found an alarming number of security vulnerabilities with the agency’s user management and weaknesses related to the State’s data protection and privacy program. Auditors also identified many State Department systems operating without current authorizations and recognized systems that the vendor no longer supports. The Department systems revealed 450 critical-risk and 736 outstanding high-risk vulnerabilities, auditors found.
“Our new reality is that cyberattacks are becoming more sophisticated and harder to defend,” says Rita Gurevich, Founder and CEO, Sphere. “Organizations need to focus not only on protection but also on limiting their cyberattack surface. Implementing an effective data governance strategy will make it more challenging for cyber attackers to access a company’s sensitive data. Unfortunately, no strategy is full proof with threats constantly evolving and growing in frequency; however, data and access governance are for protecting data.”
Organizations need to realize that they need to fundamentally reformulate their security platforms and incorporate new models to mitigate data risk across their multi-cloud environments, explains Mohit Tiwari, Co-Founder and CEO at Symmetry Systems. He adds, “Current approaches are fragmented and leave data security a side-effect of cloud security, application-security, privileged access management (PAM) and data-loss prevention. Instead, organizations will have to commit to answering where their sensitive data is, how it is protected, and how it is being used.”
Kovalev says organizations should take the following best practices to protect themselves against these attacks:
- Conduct a cybersecurity risk assessment audit to determine data risks and the appropriate preventive measures that must be taken.
- Train employees continuously. As security adversaries find new ways to infiltrate networks, keeping employees trained and up-to-date will only strengthen your network security.
- Use multi-factor authentication when possible to provide an additional layer of protection of sensitive data.
- Back up your data. If your data is backed up, even if your network is breached, a backup can revert the machine to the data it had on it the day before the attack, minimizing losses.
- Segregate your network to isolate and minimize a ransomware attack. Set up separate networks for different types of usage and/or roles. For example, have a guest network that is entirely separate from the main network.
- Keep software updated: update and install all software patches expediently to avoid a breach.
- Develop an incident response plan in the event that you experience a breach. This will outline steps to take to mitigate the attack and recover.