The Cybersecurity and Infrastructure Security Agency (CISA) has recognized that Industrial Control Systems (ICS) and Operational Technology (OT) environments represent one of the largest threats to
Government IT managers are tasked with an ever-growing list of responsibilities, from IT infrastructure to operations, equipment, systems administration and security. IT teams are also directly responsible for protecting sensitive government information, including Personally Identifiable Information (PII) like names, addresses, driver’s license numbers, forms of payment, Social Security numbers and financial records.
Unfortunately, many local governments have experienced data breaches and ransomware attacks. The Sophos “State of Ransomware” report noted that 69% of local and state government agencies reported a ransomware attack in 2023. 68% of data breaches are due to the human element, with the majority caused by weak or stolen passwords. This means that any employee who has access to any password-protected systems poses a risk to the organization.
IT leaders need to ensure that the entire organization adheres to best practices regarding password security. They also need visibility, security and control over their employees’ passwords and credentials.
Why are government organizations being targeted?
Cyber attacks are happening at all levels of government, and there are several reasons why the government is seen as a prime target for cybercriminals.
Data Sensitivity: State and local governments manage a lot of sensitive data, including residents’ personal information and financial records. This data is valuable for cybercriminals looking to steal identities, commit fraud or sell the information on the dark web.
Critical Infrastructure: Local governments often oversee critical infrastructure such as water treatment facilities, transportation systems and emergency services. If these services are disrupted, it can cause significant chaos and pressure officials to pay ransoms quickly to restore critical operations.
Resource Limitations: Many state and local governments have limited cybersecurity budgets and resources, and are less equipped to defend against sophisticated attacks, compared to larger federal agencies or private corporations.
Political Motivations: Attacks on state and local governments can be driven by political motivations, including efforts to influence elections, disrupt government operations or weaken public trust in governmental institutions.
Vulnerability Exploitation: State and local governments might have outdated systems and software, making them more vulnerable. Attackers often target known vulnerabilities in older systems that have not been updated or patched.
Ransomware Opportunities: Ransomware attacks have become increasingly common. Governments are seen as more likely to pay ransoms quickly to restore critical services, making them attractive targets for these types of attacks.
Password security for public sector organizations
Weak passwords and reused passwords are security issues because if one account is compromised, the stolen credentials can potentially be used to access other accounts. Cybercriminals search the dark web for breached account credentials and use techniques like credential stuffing and brute force attacks to guess multiple passwords and gain access to accounts.
Another aspect of password security is how passwords are saved or stored. Legacy password management methods like saving passwords in browsers, Excel spreadsheets and sticky notes are not secure. The most secure way to store passwords is with a password manager that uses multiple layers of encryption.
As an added bonus, password managers can automatically generate passwords that adhere to complexity requirements set by system administrators. Employees can then quickly autofill their passwords into websites and apps, eliminating the need to remember dozens of passwords. The autofill capability also recognizes legitimate websites, which helps prevent phishing attacks that attempt to trick employees into entering their credentials on fake websites designed to steal them.
Password security has become so important that many cyber insurance providers are now requiring that organizations utilize a secure password manager to qualify for a policy. Additional requirements may include using Multi-Factor Authentication (MFA) on administrative and other privileged accounts, as well as regular security training for employees.
Keeper protects government organizations against cyber threats with zero-trust cybersecurity
Keeper Security Government Cloud (KSGC) password manager and privileged access manager is FedRAMP Authorized and StateRAMP Authorized, and maintains the Keeper Security zero-trust security framework alongside a zero-knowledge security architecture.
KSGC provides delegated administration and role-based enforcement policies to provide administrators with complete visibility and control over identity security and risks within their organization.
KSGC protects organizations of all sizes – from small municipalities and institutions to large state agencies. Improve your organization’s cybersecurity by providing employees with a simple and effective method to adopt password security best practices.
Ready to learn more? Contact us.