Ensuring cybersecurity is becoming a challenging task year after year with cybercriminals becoming technically advanced by inventing new ways of attacks, exploiting new vulnerabilities, and executing innovative attacks consistently.
Fremont, CA: The interconnected cyberattacks of today have become a popular feature. With time, more organizations transition their online data operations. Eventually, the number of attacks went up. Departments of government are not exempted from cyber-attacks. The Energy Department employs the same technology methods year after year, revealing unclassified programs in the nuclear facilities of the nation and other vital infrastructure exposed for digital attacks.
As the Energy Inspector General said, the Department of Energy is primarily efficient at fixing vulnerabilities after they have been uncovered. Now, the officials have sought to put in place the policies to avoid repeating the same mistakes. During the annual audit of the agencies for the cybersecurity system, the investigating officers revealed several persistent vulnerabilities related to configuration management, personal training programs, access controls, and compliance testing. The investigators also found significant gaps in vulnerability management practices in the Energy Department, leaving tens of thousands of "sensitive and high-risk" vulnerabilities unattended in its digital environment.
The auditors ' report stated that the information system and data of the departments could be at high risk of failure, destruction, and alteration unless the department takes the appropriate steps to avoid the vulnerabilities found during their evaluation. The report further added that the vulnerabilities in developing, updating, and implementing policies and procedures are harming the departments, the potential to secure their information system efficiently, and data are continuously identified in the auditor and other independent review surveys.
In 2018, 21 out of the 25 recommendations made were implemented by the agency. Still, this year there were some vulnerabilities, most of which were similar to the form found during previous assessments, the IG said.
Various locations went through various security lapses, but bad vulnerability management practices were common. The auditors concluded that there are no effective vulnerability management practices, the applications that lack security patches for known vulnerabilities are on high alert for computer viruses and various malicious attacks that could provide attackers with control over the applications, or even the entire server.
See also: Top Energy Tech Solution Companies