Rapid changes in the cybersecurity landscape have led to rising pressure on agencies to improve their protection of federal data. Government contractors are especially vulnerable to cyberattacks as hackers target these firms to create widespread disruption across the United States.
Following several cyber incidents targeting critical infrastructure that led to a shutdown of a key US energy pipeline, President Biden released an executive order in May 2021 to improve the nation’s cybersecurity. The order is an initial step toward securing systems used by the federal government, and in the near future, it will likely be required that all private companies that contract with the government follow the same protocol as the agencies.
Companies interested in winning government contracts must stay informed about the latest regulations and threats and implement the proper cyber safeguards to defend against cyberattacks.
What Are The Current Cybersecurity Challenges Surrounding The Public Sector?
The public sector is driven by data since the information it provides is critical to the successful delivery of public services. Unfortunately, the volume and complexity of data have resulted in an uptick in malicious cyberattacks. Some of the most common cybersecurity challenges that currently surround the public sector include the following:
Phishing Attacks On Government Contractors Have Increased
Phishing is a common type of social engineering attack that is used to steal user data, such as credit card numbers and login credentials. This type of attack occurs when a cybercriminal masquerades as a trusted entity and tricks a victim into opening an email or message that contains a malicious link. Clicking the link can lead to the installation of malware. According to a Phishing Susceptibility Report published by PhishMe, about 91 percent of all cyberattacks begin with social engineering.
There Have Been Plenty Of Data Breaches Outside SolarWinds
While there has been a lot of discussion regarding the hacking of SolarWinds’ Orion product, this is not the only data breach that has affected government agencies and the private industry as a whole. According to Statista, the U.S. government accounted for 5.6 percent of all data breaches in the United States in 2019.
Defense Contractors Have Seen Increased Malware And Ransomware Attacks
Aside from phishing, malware and ransomware are some of the most prominent cybersecurity threats to government contractors.
Malware consists of malicious software, such as viruses, adware, spyware and worms, that is often transmitted through email attachments, peer-to-peer downloads, misleading websites and phishing attempts. Ransomware is a type of malware used to block access to all or part of a computer system until the victim has paid a sum of money. Contractors have seen a steady increase in both malware and ransomware attacks in the last several years.
What Government Contractors Should Know About Cybersecurity In 2021
Cybersecurity threats continue to grow at a rapid rate and government contractors must keep pace to avoid a costly security breach or data loss. Businesses that want to avoid these risks must understand cybersecurity requirements in 2021 and how they apply to federal contractors. Here are some things that government contractors should know about cybersecurity:
The Internet of Things (IoT) Cybersecurity Improvement Act Was Signed into Law
The IoT Cybersecurity Improvement Act was officially signed into law at the end of 2020. The bipartisan legislation requires any IoT devices purchased with government funds to meet minimum security standards. The Act also addresses supply chain risks to the federal government caused by insecure IoT devices by implementing minimum security requirements.
FedRAMP Authorization Has Increased in Difficulty
The Federal Risk and Authorization Management Program (FedRAMP) is a government program that sets standards for authorizing, assessing and monitoring the security of cloud systems. Despite ongoing improvements to FedRAMP, the program has still shown some difficulties in terms of authorization.
The current authorization process is costly, slow and does not result in sufficient reuse of authorizations. The high costs, combined with long timelines, create a barrier to entry and make it difficult for providers to serve state and local government customers.
There Is Still Uncertainty Surrounding Preparation For CMMC
The Department of Defense (DoD) has recently developed a new certification framework to address certain risks posed by DoD contractors with inadequate cybersecurity controls. The Cybersecurity Maturity Model Certification (CMMC) is modeled after various frameworks but focuses on NIST Special Publication 800-171. However, there are concerns that there is not enough clarity regarding the certification process, the cost of becoming certified and how the CMMC reciprocates with other cyber standards.
Cybersecurity Laws Are Continuously Evolving
Cybersecurity has been a major concern for both government and private sectors for more than a decade. To protect against new and ongoing threats, cybersecurity laws and regulations are created to help keep sensitive data out of the hands of cybercriminals.
As cybersecurity laws are continuously being enacted, government contractors must keep up to date with these changes to ensure compliance.
Speak With Hartman To Keep Up With Changes In Cybersecurity
Cybercriminals are growing increasingly sophisticated with their methods and the number of data breaches across the United States continues to rise. It is more important than ever for government contractors to strengthen their cybersecurity posture to win contracts and maintain compliance. For more information on how to address cybersecurity concerns and develop a strategy to prevent attacks, reach out to our experienced risk management consultants at Hartman Executive Advisors today.