Not Just OPM -- Agency Cybersecurity Incidents on the Rise
The number of security incidents affecting federal agencies has increased every year since 2006.
The Office of Personnel Management breach affecting millions of federal employees and contractors has served to shine a bright spotlight on cyberattacks.
While the OPM hack may be one of the most devastating to hit government, the department itself is far from alone in being the target of hackers. Since 2006, the number of “information security incidents” affecting federal systems each year has steadily increased, according to a report by the Government Accountability Office released Wednesday.
In 2006, there were fewer than 6,000 reported incidents, but two years later that number had tripled. Last year, there were about 67,000 reported incidents.
“Effective cybersecurity for federal information systems is essential to preventing the loss of resources, the compromise of sensitive information, and the disruption of government operations,” stated a document accompanying the report.
Although cyberattacks are on the rise, many "information security" incidents at agencies don't refer to computers at all.
One-quarter of all security incidents recorded in 2014 were listed as "noncyber," according to the GAO report. That's a designation that could describe paper documents improperly stored on employees' desks, for example. Malicious code accounted for only 11 percent of these incidents, and suspicious network activity was only 3 percent.
Security incidents are also not always caused by targeted attacks by hackers. They can be unintentional and simply result from employee error or equipment failure, according to the report. Last year, 14 percent of security incidents were chalked up to equipment or improper use categories.
Agencies should launch risk-based cybersecurity programs and improve their response to security incidents, according to the report.
“Until federal agencies take actions to address these challenges . . . federal systems and information will be at an increased risk of compromise from cyber-based attacks and other threats,” the report stated.
(Image via wk1003mike/ Shutterstock.com)