A new report indicates that there were 77,000 cyber incidents in 2015, and the staggering number highlights the need for better network security. The exact number of cyber incidents was listed as 77,183, Reuters News Agency reports, and it represents a 10 percent increase over the previous year, a White House audit revealed.
The incidents were reported to the Department of Homeland Security’s (DHS) U.S. Computer Emergency Readiness Team (US-CERT), according to a new Federal Information Security Management Act compliance report from the Office of Management and Budget.
“The overall rise in the number of incidents represents both an increase in total information security events and agencies’ enhanced capabilities to identify, detect, manage, respond to, and recover from these incidents,” the report explained.
— AXA Lab (@AXALab) March 21, 2016
Liam Tung, from the often knowledgeable website ZDNet, wrote that the more than 77,000 cyber incidents include denial of service, improper usage — such as unauthorized access, phishing, and policy violation — malware, non-cyber breaches such as leaked printed material, and suspicious network activity detected by EINSTEIN, the federal government’s early-warning system, otherwise known as the National Cybersecurity Protection System.
OMB: More than 77,000 federal cyber incidents in FY 2015 https://t.co/mKX9Rlms9t
— FedScoop (@fedscoop) March 21, 2016
According to data from the report, more than a third of the 77,000 cyber incidents fell into the category of “Other,” which was described as being “a separate superset of multiple subcategories… employed to accommodate several low-frequency types of incident reports, such as unconfirmed third-party notifications, failed brute force attempts, port scans, or reported incidents where the cause is unknown.”
Incidents in the “Other” category made up 34 percent of the total, amounting to 25,675 incidents for the year, which is a 77 percent increase from 2014.
“Approximately 59 percent of ‘Other’ incidents fall within the attempted access subcategory due to the high volume of scans and probes,” the OMB report said.
— HPE (@HPE) March 15, 2016
The second leading incident category was “Non-Cyber,” “which includes incidents involving the mishandling of sensitive information without a cybersecurity component, such as the loss of hard copy (personally identifiable information) records.” Nearly 16 percent of reported incidents fell into this category. A category called “Policy Violations” came in third with a reported 10,408 reported incidents, or 14 percent of total incidents reported — making a total of 30 percent unrelated to any possible cyber-intrusion.
Although the number of cyber incidents saw a significant rise from last year, there is good news — Department of Veterans Affairs CIO LaVerne Council said the agency blocked 160 million malware attacks last year.
The cyber incidents were defined as “a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.” Only a small portion of the cyber incidents would be considered as significant data breaches, the Reuters report notes.
For years, national security and intelligence officials have pointed out that cyber attacks are among the most serious threats facing the United States. The growing problem prompted President Barack Obama to ask Congress last month for $19 billion for cyber security funding across the government in his annual budget request, an increase of $5 billion over the previous year. The government managed to decrease the number of “active critical vulnerabilities” on federal systems from 363 known critical bugs in May to just three by December, amounting to a 99 percent reduction in seven months.
The major drop in vulnerabilities is the result of the DHS National Cybersecurity and Communications Integration Center (NCCIC) running “persistent network and vulnerability scans of all federal civilian agency internet-accessible systems.”
[Image via Chung Sung-Jun/Getty Images]