Report: National Security Orgs Rely on Manual Data Transfer

- The Everfox report surveyed 500 security leaders across the U.S. and UK in government, defense, and critical services. It found that while 84% of these leaders believe sharing sensitive data across networks increases cyber risk, a majority still use manual methods. - Legacy systems are a primary reason for the continued use of manual transfers; 78% of respondents cited outdated infrastructure as a major vulnerability. These systems often predate modern automation and are costly and disruptive to replace. - The risks associated with manual data handling include a higher chance of human error, inconsistent policy enforcement, and significant gaps in audit trails, making it difficult to track data movements. These gaps are prime targets for adversaries looking to exploit seams in data transfer processes. - The report highlights that the speed of decision-making is now a critical component of security. Manual processes create bottlenecks that can delay intelligence sharing and compromise the tempo of joint missions. - A Zero Trust Architecture (ZTA) addresses these risks by operating on a "never trust, always verify" principle, requiring continuous authentication for any user or device trying to access resources, regardless of its location. - Data-Centric Security complements Zero Trust by focusing on securing the data itself through measures like robust encryption for data both at rest and in transit, and implementing attribute-based access control (ABAC). - The push for these modern security models is underscored by major cyberattacks, such as the 2020 SolarWinds breach, which compromised multiple U.S. federal agencies for months by exploiting the software supply chain. - Penetration testers can specialize in identifying vulnerabilities in data transfer protocols and processes. Certifications like CompTIA PenTest+ and Offensive Security Certified Professional (OSCP) validate the skills needed to test and secure complex networks where such data resides.