Federal agencies reported an 8 percent decrease in cybersecurity incidents in fiscal 2019, OMB said, but that “in no way indicates a reduction in the cybersecurity threat posed to the federal government.”
In an annual report on implementing the 2014 Federal Information Modernization Act, OMB said that agencies reported 28,581 cybersecurity incidents, which “is correlated with the continued maturation of agencies’ information security programs.” It said that 72 agencies received an overall rating of “managing risk” in the annual cybersecurity risk assessment.
However, it noted that “numerous government and industry cybersecurity reports continue to highlight the persistent threat posed by malicious cyber actors. The sophistication of techniques operationalized by these groups combined with an expanded attack surface, increases the risk of compromise to information systems.”
The most common type of incident was “improper usage,” which is defined as a violation of an organization’s acceptable use policy; such incidents rose by nearly 3,000 to about 12,500. Email/phishing attacks were the second most common among those whose origin was specifically identifiable (about a quarter weren’t), although they decreased by about 2,500 to nearly 4,400.
Attacks from web-based applications and loss or theft of equipment accounted for the majority of the rest that could be identified.