123456 is a Bad Password

Cybersecurity company SpyCloud has released a new report on identity exposure that has some troubling news for those in the government space. Globally, cybersecurity incidents that happened within a government organization increased 95% last year. Breaches within the US haven’t been growing at such a staggering rate, but SpyCloud says the number of breaches that contained .gov email addresses still rose by 14% in 2022. Considering the fact that there were 611 of those types of breaches identified in 2021, we’re now at a point where government emails are showing up in nearly two breaches per day.

One distinction between breaches involving the government and those in other sectors was that the exposed credentials were much more likely to have been stolen using malware. Just under three quarters (74%) of the government logins were stolen using malware, as opposed to just under half (48.5%) across the entire set of compromised information. As support for older operating systems wanes, agencies need to be sure that their systems aren’t vulnerable in the way that the people operating them will always tend to be.

On that note, the report listed the top three passwords associated with exposed government accounts and it wasn’t an encouraging set of data. They were:

  • 123456

  • 12345678

  • password

So while it’s certainly important to keep your systems up to date, it’s worth doing the same with your staff as well. The technology can only do so much if people aren’t making a real attempt to keep their credentials secure.

It wasn’t just government employees that were guilty of showing up in breaches; contractors showed up on the lists as well. Among a small sample of defense contractors, SpyCloud found 24,000 instances of malware that included things like administrator credentials.

While the distribution of cyberattacks won’t always be equal across countries or industries, governments, and particularly those in the United States, will always be a target for malicious actors. Rather than try to keep things like court dockets or land records that contain personally identifiable information hidden away from those who might exploit them, we’re of the mindset that many government documents are useful to the public and can be made available online once the sensitive information is redacted.

Extract offers automated redaction software, ID Shield, which converts images to machine-readable text and applies sophisticated rules and machine learning to automatically find and permanently redact information from documents. If you’d like to learn more about our software, please take a look at some of our materials or don’t hesitate to reach out for more information.


About the Author: Chris Mack

Chris is a Marketing Manager at Extract with experience in product development, data analysis, and both traditional and digital marketing.  Chris received his bachelor’s degree in English from Bucknell University and has an MBA from the University of Notre Dame.  A passionate marketer, Chris strives to make complex ideas more accessible to those around him in a compelling way.