The US State Department temporarily shut down its unclassified email systems last Friday because it was, according to spokesman Jeff Rathke, “implementing carefully planned improvements to the security of our main unclassified network” after detecting suspicious activity. Although officials were concerned with what is being referred to as a hacking attack, an official noted that there was “no compromise of any of the Department’s classified systems.”
The public sector seems to be in the crosshairs as of late, as hackers got their hands on 800,000 employee records from the U.S. Postal Service, breached weather satellite systems at the National Oceanic and Atmospheric Administration, and phished their way into the computers of G20 finance ministers. The suspected forces behind similar attacks have been Russian and Chinese hackers, although it is not clear who the responsible parties were in the State Department breach
These attacks come in the wake of the much talked about breaches of private-sector companies, including Home Depot, JPMorgan Chase, and more. While the motivation for those breaches were largely financial, these recent attacks show that threat actors, state sponsored or otherwise, are still conducting attacks for with more complex aims in mind. Organizations that conduct business with public agencies may also be targeted as a means to get to such state agencies and organizations.
Just as big banks have strongly encouraged law firms and other third-party vendors they work with to tighten security protocols, government organizations may one day soon require stronger security programs for their vendors. One small step that organizations can take to get ahead of any requirements and strengthen their security is to train employees to watch for signs of attacks, like the one just launched against the State Department.