“If federal agencies want to strengthen their cybersecurity posture in a significant way, they should invest in cybersecurity best practices exercises and human education, according to cyber-focused officials at the Health and Human Services Office of the Inspector General and the Defense Health Agency.”
“‘It’s really, in my view, the human element that contributes to how secure that we are,’ said LaMonte Yarborough, CISO at HHS OIG, during GovernmentCIO Media & Research’s CyberScape event this week. ‘With that comes requisites such as user awareness of some of the indicators they should look out for. I think phishing exercises are key.’”
“Firewalls, software updates and continuous, real-time visibility of access points on your network are all great, but if your employees are making basic cyber mistakes — like opening a phishing email — then you’re still exposing yourself to criminal and nation-state cyber actors. Cybersecurity education is key.”
“‘You will never be able to fully eradicate scenarios bad actors might exploit,’ Yarborough said. ‘The better we are able to educate our constituency, I think the better we will all be for it.’”
“Tom Hines, director of engineering and technology transformation at DHA, said the agency’s cyber response begins with employee education and ‘reminding the workforce of the training they’d already received and best standard best practices…’”
“Federal organizations dealing with cybersecurity issues also face the challenge of defining accountability in the cloud era, where private companies may have access to federal data…”
Source: How HHS OIG, DHA Handle Cybersecurity Challenges During a Pandemic – By Kate Macri, September 4, 2020. GovernmentCIO.