8 Scary Statistics About Remote Access and Cybersecurity

Hackers are targeting government websites. Are remote employees the weak link?

State and local governments are the target of hackers around the world, according to Michael Calce, a converted hacker who once successfully attacked Yahoo, CNN, Amazon, eBay and Dell.

In an interview with Government Technology, Calce was asked how difficult it is to hack into a government website. His answer: “To be quite honest, it’s so easy it’s scary.”

Calce also says that some hackers target government sites because “there is no telling what kind of information you can obtain from government networks.” These hacks, while sometimes harmless, can sometimes result in enormous losses in budget and resources, as Government Technology reports:

Last July, a hacker broke into Yellowstone County, Mont.’s website, prompting the county to disable the site. In September 2011, two men with alleged ties to the online activist group Anonymous were indicted for hacking into Santa Cruz County, Calif., computers in December 2010, causing the county website to go offline. And last November, the Gregg County, Texas, Tax Office was hacked by the Zeus Trojan, which uses a keystroke logging scheme to steal information. In that incident, bank routing numbers were hijacked to redirect $200,000 into a foreign bank account.

Even law enforcement sites are being targeted. Sheriff John Montgomery of Baxter County, Ark., said in August 2011 his office’s website was attacked by hackers and is among more than 70 law enforcement websites in several states that have been hacked.

Remote access is one reason that government data is increasingly vulnerable to hackers. Many governments are embracing telework and mobility. These trends are cutting down on government-owned devices, real estate and utilities. The benefits, however, are being challenged by the inherent risks in giving remote employees server access.

Security firm Webroot recently surveyed (PDF download) of 500 web-security decision-makers about their experience with remote access and hacking. The results are not only alarming but also a wakeup call to governments to ensure their hardware, software and policies are protecting end users and data. Here’s a look at some of the key findings.

Among the businesses surveyed:

90% agree that managing the security of remote users is extremely challenging
64% allow remote server access to more than 25% of their employees
50% have had their website compromised
50% say web attacks impact company financials
37% have had employee passwords hacked
20% have experienced an SQL injection attack
6% give all employees remote server access
2% don’t allow remote access to any employees

Download the full study here.

<p>Wavebreak Media/Thinkstock</p>
Aug 09 2013