COMMENTARY: Cybercriminals are becoming increasingly attracted to growing volumes of environmental data, which exposes critical information to new risks as federal agencies and organizations expand their data collection and sharing efforts.
Recent government oversight reports highlight how vulnerabilities—such as unverified user accounts and outdated access controls—can leave environmental databases open to exploitation, raising concerns about the security of the information that underlies public health decisions and regulatory compliance.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]
While these findings highlight the complexities of safeguarding critical infrastructure, they also offer valuable opportunities for agencies to strengthen their security and drive meaningful progress.
Moreover, this moment arrives as the White House’s June 2025 cybersecurity executive order ushers in a new era of cybersecurity policies across the federal government. For agencies and cybersecurity teams already challenged by limited resources and mounting threats, this moment serves as more than a wake-up call for sensitive environmental data—it’s a clear call to action to drive cyber innovation and strengthen resilience across the board.
As government-run systems increasingly collect, analyze and share data with the private sector, the full implications of potential security breaches or lapses are not always immediately obvious. However, agencies can take several important steps now to protect sensitive data and build cyber resilience in case that data is compromised:
Strengthen identity verification: All users should have their identities thoroughly verified before being granted access, especially for specialized portals.
Reduce the attack surface: By embracing secure architectural principles and rigorous cyber hygiene—while prioritizing and applying patches based on risk—agencies can proactively reduce their attack surface and strengthen national resilience against evolving threats.
Improve account management: Teams should promptly disable inactive accounts, and strict password policies must be enforced to ensure no accounts remain active beyond allowed durations.
Validate data submissions: Update systems to block the entry of invalid or suspicious information, preventing fraudulent or unreliable data from being submitted.
Review security practices regularly: Keep security and contingency plans up-to-date, with regular risk assessments and annual testing to ensure readiness.
Adopt modern access management measures: Advanced identity and access management tactics can offer continuous authentication, adaptive risk assessment and comprehensive monitoring across all environments.
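The identity-verification and account-management checks above can run as a recurring audit over an account export. The sketch below is an added example, not from the original column; the field names, the 90-day inactivity limit and the 365-day password age are assumptions, and the records are constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy limits; the article does not state specific durations.
MAX_INACTIVE = timedelta(days=90)
MAX_PASSWORD_AGE = timedelta(days=365)

def d(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample records with hypothetical field names.
ACCOUNTS = [
    {"username": "alice", "enabled": True, "identity_verified": True,
     "created": d(2023, 1, 10), "last_login": d(2025, 6, 20),
     "password_changed": d(2025, 3, 1)},
    {"username": "bob", "enabled": True, "identity_verified": True,
     "created": d(2022, 5, 1), "last_login": d(2025, 1, 15),
     "password_changed": d(2024, 2, 1)},
    {"username": "svc_upload", "enabled": True, "identity_verified": False,
     "created": d(2024, 11, 1), "last_login": None,
     "password_changed": d(2024, 11, 1)},
    {"username": "carol", "enabled": False, "identity_verified": False,
     "created": d(2020, 1, 1), "last_login": d(2021, 1, 1),
     "password_changed": d(2020, 1, 1)},
]

def audit_accounts(accounts, now):
    """Return {username: [reasons]} for enabled accounts that break policy."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing left to act on
        reasons = []
        if not acct["identity_verified"]:
            reasons.append("identity never verified")
        # An account that never logged in is measured from its creation date,
        # otherwise dormant, never-used accounts would escape the check.
        last_seen = acct["last_login"] or acct["created"]
        if now - last_seen > MAX_INACTIVE:
            reasons.append("inactive beyond allowed duration")
        if now - acct["password_changed"] > MAX_PASSWORD_AGE:
            reasons.append("password older than policy allows")
        if reasons:
            findings[acct["username"]] = reasons
    return findings

if __name__ == "__main__":
    for user, why in audit_accounts(ACCOUNTS, d(2025, 7, 1)).items():
        print(f"{user}: {'; '.join(why)}")
```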
It’s essential to adopt an “assume breach” mindset while implementing zero-trust principles.
Recent federal audit findings highlight a simple truth for all federal agencies: attackers are already inside their networks. Organizations must assume breach and focus on continuous authentication, regular risk assessments, rapid incident response and quick cyber recovery to stay ahead of evolving threats.
Adversaries primarily target identities and data when infiltrating agency networks, so agencies must assume that attackers are already inside. To ensure cyber survivability, agencies should prioritize capturing and securely backing up critical data, systems, and configurations in resilient environments. IT and security teams must maintain secure copies of essential assets and rigorously assess cyber hygiene, eliminating unauthorized access and patching exposed systems to reduce insider threats.
It’s essential to implement zero-trust principles: agencies should verify every access request, regardless of its origin. This requires continuous assessment and authorization based on user identity, device health, location and other relevant factors to ensure only legitimate users and devices can access critical resources.
Federal agencies can strengthen data protection by adopting advanced backup and recovery strategies.
Attackers are targeting backup systems intended to protect agencies from data loss or ransomware attacks. Ransomware and other cyber threats are increasingly designed to find and compromise backup systems, aiming to prevent data recovery and increase the pressure on victims to pay a ransom. For instance, Qilin has emerged as a significant ransomware threat in the U.S., increasingly targeting governments with double extortion tactics that combine rapid, robust encryption, deletion of backups, and exfiltration of sensitive data.
Here are steps agencies can take to secure backups and make them resilient, techniques that private sector companies can also apply. They include deploying the following:
Air-gapped backups: Store backups in isolated or air-gapped locations, separated from the main network to prevent malware from spreading to them.
Immutable snapshots: Implement immutable snapshots, which are unchangeable, read-only copies of data that cannot be altered or deleted once created, even by ransomware, unauthorized individuals or authorized administrators.
Threat hunting: Use threat hunting to analyze backup data for indicators of compromise (IOCs), identifying compromised systems and determining clean recovery points. Threat hunting can pinpoint the last known clean backup snapshot, allowing for a fast and safe recovery process.
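To illustrate the threat-hunting step, the following added example (not from the original column, and not any vendor's implementation) scans snapshot file manifests for indicators and selects a recovery point. The manifest layout, snapshot names, file names and hashes are all constructed for the illustration.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents; these are not real malware or IOCs.
BENIGN = sha256_hex(b"constructed: quarterly-report")
DROPPER = sha256_hex(b"constructed: dropper sample")
IOC_HASHES = {DROPPER}
IOC_NAMES = {"recover-files.txt"}  # constructed ransom-note file name

# Constructed snapshot manifests (path -> SHA-256), ordered oldest first.
SNAPSHOTS = [
    ("snap-01", {"/data/report.csv": BENIGN}),
    ("snap-02", {"/data/report.csv": BENIGN}),
    ("snap-03", {"/data/report.csv": BENIGN, "/tmp/upd.bin": DROPPER}),
    ("snap-04", {"/data/report.csv": BENIGN, "/tmp/upd.bin": DROPPER,
                 "/data/recover-files.txt": sha256_hex(b"constructed: note")}),
    # The dropper is gone by snap-05, but the host was already compromised.
    ("snap-05", {"/data/report.csv": BENIGN}),
]

def hunt(snapshots, ioc_hashes, ioc_names):
    """Return (last_clean_id, hits); hits maps snapshot id -> matching paths."""
    hits = {}
    for snap_id, manifest in snapshots:
        matched = sorted(
            path for path, digest in manifest.items()
            if digest in ioc_hashes or path.rsplit("/", 1)[-1] in ioc_names
        )
        if matched:
            hits[snap_id] = matched
    # The recovery point is the newest snapshot older than the FIRST hit.
    # A later snapshot with no matches (snap-05) is not treated as clean,
    # because indicators can be removed after the intrusion began.
    last_clean = None
    for snap_id, _ in snapshots:
        if snap_id in hits:
            break
        last_clean = snap_id
    return last_clean, hits

if __name__ == "__main__":
    clean, hits = hunt(SNAPSHOTS, IOC_HASHES, IOC_NAMES)
    print("last known clean snapshot:", clean)
    for snap_id, paths in hits.items():
        print(snap_id, "->", paths)
```

A snapshot with no matches is only clean relative to the indicators known at scan time, so the hunt should be rerun as new IOCs are identified.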
Cyber resilience has become an urgent necessity. As nation-state actors and hacktivist groups intensify their focus on government and their third-party private sector partners, security teams should implement effective cyber resilience measures going forward to ensure strong access control across the federal government.
Travis Rosiek, public sector chief technology officer, Rubrik