Cybercriminals Are Targeting Government Agencies—8 Strategies for Building Resiliency

Government agencies are prime targets for cybercriminals. To help you bolster your defenses, our experts have compiled 8 actionable best practices for protecting against increasingly sophisticated attacks.

Digital information is the lifeblood of government operations and ensuring the security of sensitive data is critical. The days of hard copies and paper files stored in tall metal cabinets are over, replaced instead by cloud servers and digital databases. However, many government organizations continue to fall behind when it comes to keeping their data secure. 

Recent events have made it painfully clear that government agencies are prime targets for cyberattacks, making it crucial for them to adopt robust cybersecurity tools and risk management strategies. Our cybersecurity experts, led by Mike Sanchez, our CISO & SVP Cybersecurity Solutions, have pulled together their observations from some of the more serious data breaches over the last year. Learning from these moments—their causes, impact, and implications—can provide useful insights into how government agencies can refine best practices for navigating an increasingly sophisticated threat landscape and avoid falling victim to the same attack vectors.


2023’s biggest Government data breaches 

A number of government agencies—both Federal and State—have fallen prey to cyberattacks and data breaches in 2023. 

1. US House of Representatives’ records exposed through DC Health Link breach.

In March, a health insurance marketplace known as DC Health Link was hacked. On the surface, this may not seem like a government-related data breach; however, many DC Health Link customers are members of the US House of Representatives. As a result, the private information of multiple House members and staff was exposed, including email addresses, Social Security numbers, birthdates, contact information, and more. The cause of this breach is still under investigation.

2. US Department of Transportation records compromised in data breach.

In May, there was a data breach of the US Department of Transportation (USDOT). Bad actors hit systems for processing TRANServe transit benefits that reimburse government employees for some commuting costs. While it did not affect any transportation safety systems, the personal information of 237,000 current and former Federal employees was compromised. USDOT is investigating the breach and has frozen access to the transit benefit system until it can be secured and restored. 

3. Software vulnerability leads to Oregon Department of Transportation breach.

In June of 2023, the Oregon Department of Transportation (ODOT) experienced a data breach. ODOT was but one in a multitude of businesses and organizations that fell victim to a widespread attack in which bad actors exploited the MOVEit Transfer vulnerability to infiltrate systems. For ODOT, the breach was catastrophic and led to the compromise of approximately 3.5 million individuals whose personal information was stored on its network.

4. Multiple Federal agencies fall victim to Russian cybercriminals exploiting MOVEit.

In October, it was reported that in May of 2023 the email addresses of approximately 632,000 Pentagon and Department of Justice (DOJ) employees were hacked by a Russian cybercrime group known as Clop (or “Cl0p”) which—once again—exploited the MOVEit vulnerability. The US Department of Health and Human Services, Department of Agriculture, and the General Services Administration were also hit during this hack.


How to prevent government data breaches—8 actionable best practices 

The above data breaches are enough to make any government employee or agency feel a bit paranoid. The key to protecting your organization is to balance a healthy skepticism with strategic action. Our cybersecurity and risk management experts have pulled together these eight actionable strategies that you can implement quickly to improve your security posture.

1. Conduct continuous employee training.

Because one of the most common entry points for cyberattacks is human error, a good number of breaches can be prevented with employee education. After all, no amount of secure technology, antivirus software, or firewalls can stop careless security behaviors. Regular training and awareness programs can help mitigate the risks associated with social engineering and phishing attacks. 

2. Maintain strong password policies.

The importance of strong, unique passwords cannot be overstated. Governments should enforce strict password policies that ensure users cannot retain default passwords and employ parameters that force users to adopt unique passwords and update passwords regularly. Organizations should also implement multi-factor authentication (MFA) or two-factor authentication (2FA) for an added layer of security.

3. Stay up to date on software updates.

Cybercriminals often exploit vulnerabilities through outdated software. Regularly updating and patching operating systems and applications can help protect government systems from known vulnerabilities. These updates introduce new security features and vulnerability patches that help users and networks stay better protected from new and emerging threats. 

4. Encrypt your data.

Whenever possible, sensitive data should be encrypted both in transit and at rest. Encrypting data ensures that even if attackers successfully breach your system, the information they access remains unintelligible unless they have access to the decryption key. This just adds another layer of security that can reduce your risk in the event of a disaster.

5. Ensure regulatory compliance.

Government agencies have specific security requirements they need to meet. Ensure compliance with relevant cybersecurity regulations and standards, such as NIST, ISO 27001, or GDPR, depending on the nature of the data being handled. It may also be beneficial to employ a third-party cybersecurity vendor to ensure compliance for your organization so nothing is missed.

6. Have an incident response plan.

It’s not a matter of ‘if,’ but ‘when’ a cyberattack will occur. Having a well-defined incident response plan in place is essential for minimizing damage and ensuring a swift recovery. Don’t wait until you’ve suffered a breach to come up with a plan. Start formulating your response strategy now to minimize damage to both your systems and reputation later.

7. Leverage third-party risk assessments.

Government organizations often rely on third-party vendors for various services including those related to cybersecurity and risk management. Hire a vendor who can perform a thorough data and security risk assessment to ensure your cybersecurity measures meet or exceed the necessary standards for your sector. After all, it’s hard to shore up your defenses when you don’t know where you are vulnerable.

8. Complete regular audits and penetration testing.

Regular audits of your security posture—coupled with frequent penetration testing—can help identify vulnerabilities and weaknesses in your security infrastructure before disaster can strike. These tests can simulate real-world cyberattacks and attack vectors (such as test phishing emails) to assess the level of preparedness and awareness for your organization and its staff.


Cybersecurity starts with vigilance—and having the right partner goes a long way. 

The evolving threat landscape requires government agencies to be proactive in safeguarding their digital assets. Implementing these best practices can significantly reduce your agency’s risk of cybersecurity incidents. By staying informed of (and adapting to) emerging threats, government entities can better protect their data and maintain the trust of the citizens they serve. 

Of course, having a robust cybersecurity and risk management strategy is critical to not only identifying and addressing vulnerabilities early, but also having the right resources, response team, and plan in place to take immediate action if a breach is discovered. UDT has been on the front lines of cybersecurity since 1995, and we are uniquely positioned to help government organizations safeguard their valuable data and infrastructure.  

UDT offers tailored cybersecurity solutions to help you proactively monitor your organization’s risk and prioritize strategic security updates in areas with the most impact—without compromising on convenience, quality, or cost. To explore UDT’s adaptable portfolio of products and services, contact us today.


Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:


  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected.
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.
