Federal agencies saw an almost 10 percent rise in cyber incidents throughout fiscal year (FY) 2023, according to the latest Federal Information Security Modernization Act (FISMA) report to Congress. Despite the surge, the report also highlights improved cyber detection capabilities.
Federal agencies disclosed 32,211 cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA) in FY2023, marking a 9.9 percent surge from the 29,319 incidents reported in FY2022.
Most of these incidents fell under the ‘minor’ category according to CISA’s National Cyber Incident Scoring System, indicating minimal impact on critical sectors or public welfare.
Thirty-eight percent of the reported incidents, totaling more than 12,000 cases, stemmed from improper usage, indicating violations of acceptable use policies. According to the report, this suggests “that although agencies have processes or capabilities that detect when a security policy is being violated, many lack automated enforcement or prevention mechanisms.”
Additionally, email phishing emerged as the second most prevalent attack vector, with a more than 50 percent increase in 2023 compared to the previous year.
Despite the surge in attacks, the report also highlights improved cyber detection and categorization capabilities, which it says were “evident in the significant decrease in incidents with ‘Other/Unknown’ as the attack vector.”
“The number of these uncategorized events has significantly dropped both in overall number of incidents (from 11,144 in FY 2022 to 5,687 in FY 2023) and the percentage of incidents when compared to the total for that year (from 38 percent in FY2022 to 18 percent in FY2023),” the report says.
Additionally, agencies have improved their adoption of cyber defensive measures. Specifically, the report found that Federal agencies selected an enterprise endpoint detection and response (EDR) platform in accordance with the Office of Management and Budget’s 2021 memo on ‘Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Systems through Endpoint Detection and Response.’
According to the report, there is a “rapid and widespread deployment of EDR capabilities across the Federal enterprise. And, to ensure greater coordination and visibility, every agency has worked with CISA to select and deploy an enterprise EDR platform, as necessary.”
“Agencies have also improved their ability to capture, analyze, or store logs, and the quality of collected logs has improved,” the report adds.