A scathing report by the US government indicates that almost 75% of government agencies have inadequate cybersecurity tools and procedures in place. Why is this a problem, and what does it mean for the average US citizen?
US government agencies are a prime target for a variety of different cyber threats – from criminals looking for identity information to advanced state-funded hackers looking to uncover state secrets or exploit national vulnerabilities. As such, you might expect the US government to take cybersecurity very seriously. Currently, however, that’s very far from the truth.
In the report, published by the Office of Management and Budget, it was found that “71 of 96 agencies (74 percent) participating in the risk assessment process have cybersecurity programs that are either at risk or high risk.” At-risk agencies, by far the most numerous, were those that had significant gaps in their cybersecurity procedures and capabilities. High-risk ones were missing fundamental elements of a basic approach to cybersecurity. In a shocking 38% of cybersecurity incidents, the Federal government wasn’t even able to identify where an attack came from!
The report identified four different key findings, all of which were damning for US cybersecurity.
A few striking key stats from the report:
Pick any government agency and it will probably be mostly or completely unprepared to prevent or investigate a cyber attack. This is clearly a potential national security risk, but it should also matter to the average citizen.
Most of us have a healthy skepticism towards sharing our most sensitive personal details and information with corporations or people. Identity theft is a common crime that can destroy people’s lives, and it happens when criminals get their hands on your personal data. You can’t always trust corporations or individuals to keep your data secure, so you try to keep your data to yourself as much as possible.
However, many people trust the government with our data (though they probably shouldn’t, as recent events suggest). After all, we don’t always have a choice, since some of our identifying information is given to us by the government (like social security numbers, passport numbers, etc.). Moreover, as we saw with the unprecedented Equifax data breach, our government can share our data wholesale with private companies totally unprepared to protect our information with the cybersecurity it deserves.
The report outlines the action steps that the government needs to take to shore up the significant gaps in its cybersecurity. We can only hope that agencies quickly follow those steps to keep our data secure, but given the flagrant disregard for data security we’ve seen to this day, I wouldn’t bet on it. Consider pressuring your local representative by letting them understand how important cybersecurity is to you.
What you can do for now is reduce your data footprint as much as possible. Reduce, as much as you can, the information collected about you by both government and private entities. This involves common-sense moves like disabling location tracking on your phone and reducing the number of websites and apps that have your data, but that’s not enough. A premium VPN like NordVPN should be just one of many tools and methods in your arsenal to ensure that your data stays secure and safe.