by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : July 15, 2016
BackStory High-impact cyber risks 34 July 15, 2016 FCW.COM The Government Accountability Office surveyed 18 agencies that run high-impact systems and found 2,267 security incidents in a single year — nearly 500 of which involved installation of malicious code on the systems. Other key findings include: 9.4 Percentage of federal systems classified as high impact 3 Percentage of reported incidents that involved high- impact systems Source: “Agencies Need to Improve Controls over Selected High-Impact Systems” (GAO-16-501) Who’s attacking high-impact systems most often? Nations 15 of 18 agencies Hackers/hacktivists 10 of 18 agencies Malicious insiders 6 of 18 agencies Criminal groups 4 of 18 agencies Terrorists 1 of 18 agencies Unknown/other 12 of 18 agencies Which attackers are most serious? Nations 18 of 18 agencies Malicious insiders 12 of 18 agencies Hackers/hacktivists 8 of 18 agencies Criminal groups 5 of 18 agencies Terrorists 5 of 18 agencies Unknown/other 6 of 18 agencies The most frequent attack methods include: Phishing and spear phishing 17 of 18 agencies Credentials-based attacks 10 of 18 agencies SQL injections 7 of 18 agencies Watering holes 7 of 18 agencies Trusted third parties 6 of 18 agencies The biggest obstacles to identifying threats: 1. Continuous changes in technology 2. Employees 3. Lack of governmentwide information sharing 4. Rapidly changing threats And the guidance cited as most useful: 1. NIST publications 2. Agency-specific guidance 3. DISA’s security technical implementation guides 4. OMB memoranda 5. NSA guidance The most serious threat vectors are: Email 18 of 18 agencies Web 17 of 18 agencies Improper usage 8 of 18 agencies Impersonation/spoofing 6 of 18 agencies 0715fcw_034.indd 34 6/28/16 2:19 PM
June 30, 2016
July 30, 2016