Half of US cybersecurity breaches caused by staffers’ misconduct

Half of US cybersecurity breaches caused by staffers’ misconduct
​Federal agencies and government contractors in the United States together experienced nearly a quarter of a million cyberattacks during the last year, according to a new analysis from the Associated Press.

What’s more, though, is that the AP says that many of the 228,700 or so cyberincidents suffered by federal agencies and contractors during the last year came not because of advanced intrusion methods employed by attackers, but instead are resulted from routine mistakes and misconduct that can be blamed on the legitimate officials tasked with keeping hackers out.

On Monday, the AP said that an investigation has determined that a nationwide, $10 billion-a-year effort to keep the country’s critical networks safe from outside users, including hackers, state-sponsored agents and other unwanted parties has largely been unsuccessful — at least when the major failures from the last 12 months are stacked up against the massive amount of money intended to keep those systems secure.

According to the AP’s investigation, federal agents and contractors alike are all too guilty of letting systems become infected by clicking bogus links, accidentally installing malware or otherwise opening up networks to hackers by way of their own inept operational security.

“Workers scattered across more than a dozen agencies, from the defense and education departments to the National Weather Service, are responsible for at least half of the federal cyberincidents reported each year since 2010,” the AP wrote, citing their own internal report.

After filing dozens of Freedom of Information Act requests for documents and discussing their findings from security personnel inside and out of the federal government, AP investigators uncovered evidence of severe breaches, according to Monday’s report, effecting agencies that range from the Pentagon and Department of Education to the National Weather Service.

One such instance, according to the report, occurred after a government work clicked on a link purported to be of tennis star Serena Williams, but actually redirected the federally-affiliated computer to a compromised link. Others, the report acknowledged, acted “intentionally,” such as former National Security Agency contractor Edward Snowden.

Regardless of what agency was affected, though, the report suggests that, in the AP’s words, despite “40 years and more than $100 billion after the first federal data protection law was enacted, the government is struggling to close holes without the knowledge, staff or systems to outwit an ever-evolving foe.”

Coincidentally, the AP’s report was published on the same day it was announced that the data of more than 800,000 US Postal Service employees have been compromised following a major USPS breach that’s been preliminarily attributed to Chinese hackers. Previously, the US government and security researchers have blamed China and state-affiliated hackers with an array of attacks launched against American entities, the likes of which yielded a major Department of Justice indictment earlier this year against five Chinese nationals accused of committing