As the world comes screeching to a standstill in an effort to minimize the impact of COVID-19, hackers and bad actors alike are chomping at the bit to exploit vulnerable systems in a vulnerable time.
Everyone is a target, including federal government agencies.
On March 14, as our nation began to realize the upcoming impact of the pandemic and scrambled for information, the Department of Health and Human Services (HHS) experienced a cyberattack that attempted to disrupt the department’s ability to satisfy the American public’s frantic need to know more about the outbreak.
Hackers reportedly launched a distributed denial of service (DDOS) attack, overloading the HHS servers with incoming traffic to the tune of millions of hits over several hours attempting to slow down and disrupt its operations. Government officials took to several news outlets, giving opaque responses about the nature of the incident.
While the attack itself was not successful, it does raise a concern about cybersecurity readiness in times of emergency. Especially in cases where certain organizations and agencies play a vital role. The higher their profile, the more alluring they are to bad actors. Government agencies and leading organizations worldwide are looked to for guidance in times of crisis, and must do everything they can to ensure comprehensive cybersecurity protocols are in place to keep them protected at all times—but especially in moments such as these.
Cyberthreats to Agencies Spread Virally
It's no secret that federal, state, and local governments face challenges when it comes to cybersecurity readiness. Between staffing shortages and strategy issues, their lack of preparation puts the nation and our communities at great risk.
With COVID-19 swamping the daily activities and focus of agencies, hackers are ready to take advantage.
Already making the rounds are several phishing scams, which are a current threat to individuals, healthcare facilities, and agencies. The CDC and HHS are instrumental in the nation's efforts to combat the virus, so government officials must immediately shore up their cybersecurity strategies in the midst of fighting this fire. Otherwise, threats will only increase.
Private Sector Partnerships
While cybersecurity challenges may not be adequately addressed internally, there are solutions—and not just those that involve investing in new technology and additional staff with security expertise who command top dollar. For example, government agencies can consult and team with professionals in the private sector to beef up their cybersecurity practices.
Partnering with vendors and service providers can deliver nuanced and experienced perspectives to security right away to help thwart attacks. Partners can provide security operation centers (SOCs) and skilled security teams that work around the clock to effectively protect governmental IT infrastructures and employees, the bulk of whom now work mostly from home.
Collaboration on Behalf of the Common Good
Cyberattacks during a public health crisis, such as what we’re now experiencing with COVID-19, ups the ante because there is so much more at stake than what we normally expect. Not only are government infrastructures and data at risk, but the health of the nation also hangs in the balance.
Firming up government agencies' cybersecurity environments and protocols have to be part of the emergency response. By partnering with cybersecurity firms in the private sector, such as Arctic Wolf that provides a SOC-as-a-service, healthcare agencies and organizations can ensure they stay secure when it matters most.