ByISBuzz Staff Editorial Team , Information Security Buzz | Aug 22, 2022 05:13 am PST
It has been announced that the US government is banning insecure software from its procurement process in a bid to improve the country’s cyber security.
This is a positive step forward from the US government and it highlights the country’s determination towards a secure digital future.
The legislation will not only prohibit software that contain vulnerabilities being used by the US government, but it will also encourage manufacturers to employ secure-by-design principles which will introduce significant security improvements.
However, what the US government must realise is that patching vulnerabilities will only address a fraction of the real problem. Yes, vulnerabilities leave holes in networks, but the preferred entry for an attacker is still using stolen employee credentials.
As a result, the US government needs to improve security by implementing encrypted access for all employees. Otherwise, they are leaving a major vulnerability within their systems, and when they do not control network access, they no longer control their data.
By encrypting access, government workers will not know their own credentials, so they can’t be phished or stolen, which provides an important layer of security while firmly closing the door on unauthorised intruders.
This is a positive step forward from the US government and it highlights the country’s determination towards a secure digital future.
The legislation will not only prohibit software that contain vulnerabilities being used by the US government, but it will also encourage manufacturers to employ secure-by-design principles which will introduce significant security improvements.
However, what the US government must realise is that patching vulnerabilities will only address a fraction of the real problem. Yes, vulnerabilities leave holes in networks, but the preferred entry for an attacker is still using stolen employee credentials.
As a result, the US government needs to improve security by implementing encrypted access for all employees. Otherwise, they are leaving a major vulnerability within their systems, and when they do not control network access, they no longer control their data.
By encrypting access, government workers will not know their own credentials, so they can’t be phished or stolen, which provides an important layer of security while firmly closing the door on unauthorised intruders.