

Haythem Kouki
The federal government is well aware of the dangers of cyber attacks. In December 2024, Chinese hackers penetrated a Treasury Department vendor and accessed more than 3,000 unclassified files related to high-ranking officials. Just a month earlier, researchers had discovered Salt Typhoon, a Chinese attack breaching eight U.S. telecom providers; the attack began as much as two years ago and still infects the companies’ networks.
These and many other incidents demonstrate the importance of IT risk management, including automating cybersecurity programs so that they provide actionable insights and support a shift to proactive risk management. Agencies must also address IT vendor risk management by increasing the frequency and depth of assessments, streamlining the implementation process, and prioritizing remediation efforts to protect against costly and dangerous data breaches.
Both of these efforts must be undertaken within cybersecurity compliance regulations. Compliance work can be centralized and streamlined by automating evidence collection and IT controls testing, and by ensuring compliance with security standards and certifications.