To hit a government health department seeking to engage stakeholders in response to a pandemic emphasizes the ‘malicious’ nature of the threat actors behind the move. The attack appears to have come from overseas, with the potential involvement of a foreign state (according to the New Statesman).
Of concern is the fact that government institutions such as the DHHS are key targets for cyberattacks. A vulnerability arises because the U.S. government has many applications and systems that were written and developed 35-40 years ago. While this is recognized, the process to modernize and transform the critical nature of data is a lengthy one and not a process that can be successfully done overnight.
Commenting on the attack, Caitlin Oakley, a spokesman for the National Security Council, tells The Hill: “HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities…we became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter.”
While the attack was short-lived, with the U.S. National Security Council saying that the HHS networks are operating normally now, as Digital Journal’s Karen Graham reported, the incident does highlight vulnerabilities with U.S. government information technology systems.
This is brought out by Russell P. Reeder, who is the CEO of cloud-based data protection company Infrascale. Reeder shares his thoughts with Digital Journal, saying: “It’s troubling to see an increasing number of stories around opportunistic, malicious activities, at a time where the world is banding together to fight the effects of COVID-19.”
He notes further: “As the public’s thirst for information on the topic increases, along with workforces mobilizing to work-from-home to aid in isolating the effects of the pandemic, it appears that these stories will continue to increase.”
The incident introduces some general lessons for companies, as Reeder states: “When it comes to enabling companies to minimize disruptions to their business due to this shift in work, we encourage them to review and discuss their data protection strategies to ensure they are appropriately protected in the event of a compromise.”
In terms of preventive actions, which all businesses should note, Reeder recommends: “It is a critical time to make sure all your data is backed up, especially as many of the company assets are moving out of the office. If an unfortunate compromise were to occur, companies need to be protected and be able to recover their data.”
Furthermore, Reeder says: “If it’s critical to always have your systems running and you could not afford the downtime to rebuild your systems, you need more than just cloud backup and would need to implement a disaster recovery solution to continue your operations with minimal downtime. We are in this together and want to help lighten the burden of concern where we can when it comes to business continuity.”
