Collaborate Disseminate
Internet Isolation Enables a Zero Trust Approach That Protects Remote Users from Cybersecurity Threats without Impacting the User Experience.
Federal agencies are being forced to rethink the way they empower public servants with the tools and info… Continue reading Is Malware Detection a Losing Race? A Deeper Look Into SoakSoak and Regin
I’m very proud of what we do at Menlo Security. We work very hard to make sure organizations and users around the world can safely access the tools and information they need to keep businesses running. We prevent confidential data from falling int… Continue reading Update on DoD’s Cloud-Based Internet Isolation
Money earmarked for the Defense Department and DHS, and bipartisan bills to address the security of federal IoT devices, showcase growing federal cyber-efforts. Continue reading Federal Focus on Cyber Plays Out in President’s Budget, IoT Legislation
A majority of federal civilian agencies examined by a government watchdog are struggling to implement cybersecurity programs capable of adapting to a changing threat landscape. “Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk,” the Government Accountability Office warned in a report Tuesday that assessed security implementation at the departments of Homeland Security, Justice, Energy and others. Seventeen of 23 inspectors general said their agencies’ cybersecurity programs were not being effectively put into place, and that they had “significant information security deficiencies” in financial reporting controls, the GAO said. The audit is a reminder that, despite years of attention and billions of dollars spent, there is often a discrepancy between objectives and results in the cybersecurity of federal agencies. Agencies were considered to have an “effective” cybersecurity program if they had, at a minimum, “quantitative and qualitative measures on the effectiveness of policies, procedures, and strategy” across […]
The post As threats increase, audit finds federal agencies struggle to implement cyber plans appeared first on CyberScoop.
Continue reading As threats increase, audit finds federal agencies struggle to implement cyber plans
A new CyberScoop study shows government agencies are making varying progress implementing methods to secure mobile smartphones, tablets, sensors, wearables and other endpoint devices accessing their networks. However, the growing proliferation of devices accessing agency networks -including employees’ personal devices – is also increasing attack surface area for cyber threats. More than half of agency IT officials are concerned about network attacks from endpoint devices. And while 6 in 10 say securing government-issued mobile devices is a top concern over the next 12 to 18 months, many may be overlooking technologies they already have or own to address security concerns. This online survey, conducted by CyberScoop and underwritten by Samsung, provides a new snapshot of what matters most to federal IT and security leaders in securing endpoint devices accessing their networks — and where key gaps remain. The study surveyed qualified federal government information technology and cybersecurity officials who have […]
The post Closing the gaps in federal endpoint security appeared first on Cyberscoop.
Continue reading Closing the gaps in federal endpoint security
Thousands of web domains belonging to hundreds of federal departments and agencies are being spoofed by email hackers, including many from Russia and other adversary nations, according to new figures reported this week. The cyberspies and online fraudsters are trying to trick message recipients into clicking on malicious links or downloading malware designed to steal passwords and other personal information, according to an analysis by cybersecurity outfit Proofpoint, which specializes in providing online security for large organizations. The company looked at nearly 70 million emails sent during October from 5,000 unique .gov parent domains protected by Proofpoint, the company’s VP of Email Fraud strategy Robert Holmes told CyberScoop. More than 3,000 of those domains had been spoofed by hackers sending phishing emails that purported to come from a trusted communicant. “We saw over 8.5 million fraudulent messages,” Holmes wrote in a blog post Monday, “Almost 10 percent of which were not even sent from a US-based [internet or IP] address.” The […]
The post Russians, other foreigners, spoofing unprotected .gov email addresses, report says appeared first on Cyberscoop.
Continue reading Russians, other foreigners, spoofing unprotected .gov email addresses, report says
The Department of Homeland Security is now collecting data about federal agencies’ use of an industry-standard cybersecurity measure that blocks forged emails. The collection is seen as a first step to encouraging wider adoption within the U.S. government, according to official correspondence. In a letter to Sen. Ron Wyden, D-Ore., DHS official Christopher Krebs says the department, “is actively assessing the state of email security and authentication technologies … across the federal government,” to include Domain-based Message Authentication, Reporting and Conformance (DMARC). DMARC is the industry standard measure to prevent hackers from spoofing emails — making their messages appear as if they’re sent by someone else. Spoofing is the basis of phishing, a major form of both crime and espionage, in which an email appearing to a come from a trusted third party directs readers to a website where login and password credentials can be stolen. Krebs says DHS’s 24-hour cyber watch center, […]
The post DHS will scan agencies for DMARC, other hygiene measures appeared first on Cyberscoop.
Continue reading DHS will scan agencies for DMARC, other hygiene measures
The remarkable decision to have a single official fill two key White House cybersecurity posts has highlighted both the Trump administration’s commitment to securing federal IT networks as a national security priority and its inability to fill key cyber jobs. Grant Schneider, the current deputy federal CISO, who has been acting CISO since his boss left mid-January, will also begin doing the job of senior director within the cybersecurity directorate of the National Security Council staff, the White House let slip this week. The federal CISO job is based in the Office and Management and Budget, which, like the NSC, is within the Executive Office of the President. Several former NSC staffers told CyberScoop the dual-hatting arrangement makes sense in the short term, but they questioned its viability in the long run. The administration made fixing federal government IT systems a priority under the cybersecurity executive order President Trump signed in May. The CISO’s office is operationally responsible for […]
The post Double role for White House cyber aide shows challenges for new administration appeared first on Cyberscoop.
Continue reading Double role for White House cyber aide shows challenges for new administration
The number of federal government departments and agencies deploying the highest level anti-spoofing and anti-phishing email security has nearly doubled since the end of May, new figures show. A total of 135 federal email domains had some form of the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol deployed Aug. 1, according to the non-profit Global Cyber Alliance. That’s only six more than the 129 who had some deployment May 26 — but of those 135, 60 had the protocol set to p=reject, the highest level of deployment. That compares to just 32 who had the protocol fully deployed in May. DMARC helps prevent phishing and other email spoofing attacks, when a message is made to look as if it comes from a company or government agency. The IRS, for instance, is a frequent target of phishers, who prefer to impersonate banks or other email senders who might have a financial relationship with potential victims. At […]
The post DMARC use continues to climb inside federal government appeared first on Cyberscoop.
Continue reading DMARC use continues to climb inside federal government
Federal agencies pay an average of $7,000 a year less to cybersecurity personnel than their private sector counterparts, so they need to offer training and other benefits while recruiting more from overlooked groups like women and minorities, according to one of the largest regular surveys of information security workers. The eighth biannual Global Information Security Workforce Study, done by the Center for Cyber Safety and Education and sponsored by contracting giant Booz Allen Hamilton, cyber recruiters Alta Associates and the International Information Systems Security Certification Consortium or (ISC)², was unveiled Tuesday at (ISC)²’s conference CyberSecureGov in Washington, D.C. The U.S. government “must enhance its benefits … to attract future hires and retain existing personnel given its fierce competition with the private sector for skilled workers and the unprecedented demand,” said Dan Waddell, (ISC)² managing director, North America. “Unfortunately,” he added, “the layers of complexity involved in fulfilling that goal are significant.” “Thanks to the record-number of federal GISWS […]
The post (ISC)² survey: To recruit cyber talent, feds must make up in training, benefits, what jobs lack in pay appeared first on Cyberscoop.