Knowledge and Insights

The Latest Cyber Security Risks and Developments Affect Public Entities

Security Online

Technological security is not only increasingly important today, but also undergoing a directional shift due to the prevalence and ingenuity of cyber-hackings. The true statistics about these are more alarming than may be realized from the handful of high-profile corporate and IRS incidents recently in the news.  The risks associated with IT security alone apply to and reverberate throughout an entire enterprise’s systems and operations.

Like most organizations, government entities are increasingly dependent on information technology and telecommunications to deliver or enhance services, automate processes and perform compliance or reporting. These issues become even more burdensome if disruption, degradation or unauthorized alteration of information or systems are adversely affected by malicious acts, which are increasing significantly.

With this in mind, Mercadien recently hosted a presentation about a new cyber security development applicable to all organizations.  It is micro-virtualization, a state-of-the-art security enhancement designed to allow all computer users to more securely access the internet, embrace mobile options, and adopt new applications, while better protecting the entire organization – its networks, cloud, desktops, technology infrastructure, mobile devices and endpoint applications.  Such micro-virtualization technology is included in Microsoft’s newly-released Windows 10 operating program.

Why and how is cyber security technology changing and what’s the impact on government and public entities?  Here’s a picture of the current landscape, according to Verizon’s 2015 Data Breach Investigations Report.

  • The majority of organizations in almost every business sector have been hacked. The manufacturing, public and professional/financial services sectors were the targets of 27%, 20% and 13% of the attacks, respectively.
  • Attacks are targeted. 70-90% of malware is unique; that is, created for a single institution.  Flash-based ads are the leading source of malware today.  Of the top 10 causes of infections or espionage, the top two are people opening an email attachment and clicking on links in emails. These accounted for over 75% of incidents.
  • The costs of physical property loss or business interruptions are considered low by some due to the existence today of numerous outlets from which information may be recovered. However, more devastating are financial losses from stolen intellectual property, trade secrets and public sector information, such as IRS taxpayer records.
  • Most computer security breaches could have been stopped if already-existing system protections, such as anti-virus software, were utilized.  However, many IT providers and/or end users do not install or update them as they interfere with operating systems.  Many employ the “fix it after it breaks” methodology.  In addition, not all protection software works adequately against rapidly-evolving attacks.  As a result, some industry sources believe that an estimated 47% of all computer users have been compromised.  If you are a government agency with 50, 500 or 1,000 computer users, your IT risks and remediation challenges compound at an incredible rate.

Fortunately, detection technology has experienced key innovations.  It has moved from:

  • traditional hardware isolation, where the operating system (OS) protects by isolating corrupted files, to
  • desktop virtualization, where software isolates OS processes or applications, to
  • micro-virtualization, which currently is the only technology that can hardware-isolate all untrusted activity of an application at a granular level.  The OS hardware isolates critical system components, data and application tasks using CPU features for desktop virtualization. The OS distributes advanced threat analysis as a protective measure, so even if the system is compromised, key data files cannot be stolen. It enables real-time institution-wide protection that doesn’t interfere with the end-user experience.

It’s critical to be informed about cyber security, which the National Institute of Standards and Technology defines as “the process of protecting information by preventing, detecting, and responding to attacks.” As part of technological security, and regardless of the size or state of your institution’s IT assets, you should consider management of internal and external threats and vulnerabilities to protect information and the supporting infrastructure from cyber attacks.  For help evaluating your public entity’s cyber security risks and preparedness, contact Mercadien at 609-689-9700 or