by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : February 2015
In less than a decade, more than 87 million records with sensitive or private information have been exposed due to cyber-incidents on federal networks alone . But the sheer volume of cyber-attacks is just part of the challenge facing federal agencies when it comes to network security. Even more worrisome is the ingenuity of today’s cybercriminals. Whether it’s an insider threat or an external force wishing to do harm, the techniques of cybercriminals have become more insidious and intelligent. Once a threat is mitigated, 10 more will rise up in its place. Take, for example, the increase in backdoor techniques attackers are using to steal sensitive data. These methods let attackers enter a network via an unmonitored loophole and bypass firewalls and anti-malware through sophisticated methods. They can check for available connections and transfer files, connect via social media sites, use custom DNS lookup to bypass detection and even change protocols. In addition to more aggressive, innovative methods that enable attackers to bypass the perimeter, the very nature of what is inside the network and what is outside the network has changed. For example, remote employees or teleworkers must enter the network to perform their tasks. Are they considered to be inside or outside the network? The same questions are true about mobile users, who use wireless technologies to access the network, contractors and partners, and cloud computing solutions. All of these types of users and solutions require defining the perimeter in a new way and, as a result, also require reconsidering network security methods. Another related issue is that many agency networks have older devices, technologies and applications that simply aren’t able to manage today’s cyber-related challenges. They sometimes can’t, for example, distinguish appropriate traffic or credentials from malicious traffic or false credentials; keep track of all encrypted traffic, especially in virtualized infrastructures; or adequately filter network traffic. Increasingly, organizations are beginning to realize that perimeter- based security just isn’t enough anymore. Keeping an agency’s data and applications safe today requires re-evaluating and updating network security plan, technologies and policies to reflect today’s changing threat landscape. The Changing Cyber Threat Landscape GameChanger Game ChanGinG TeChnoloGy To meeT aGenCy missions SponSored report MIcrosegMe n tat Ion InCreasInGLy, orGanIzaTIons are beGInnInG To reaLIze ThaT perImeTer-based seCurITy jusT Isn’T enouGh anymore. cybersecurIty by the nuMbers 1.5 The number, in millions, of monitored cyberattacks in the United states in 2013 15 The percentage by which the average cost of a data breach increased in 2014 21 The percentage of federal breaches in 2013 caused by government employees who violated policies 24 The percentage of government agencies reporting that operating systems or files had been altered, and/or unauthorized access or use of data, systems and networks 25 The percentage of security professionals who doubt that their organization has invested enough in cyberthreat defenses 37 The percentage of cyber incidents that aren’t detected by civilian agencies 42 The percentage by which the number of reported federal network breaches increased between 2009 and 2013 49 Percentage of organizations that don’t perform employee security awareness training 260 The number of days, on average, that it takes organizations to detect and respond to insider attacks, compared to 170 days for other attacks 46,605 The number of breaches of federal computer networks in 2013